The source project of this merge request has been removed.
Update CVE-2023-44487.yml
Hello! This seems a false positive to me since the issue is in org.eclipse.jetty.http2:http2-common and the same would apply to all the jetty packages marked to this CVE. The vulnerability is in the HTTP/2 protocol itself and the patch has been made in the http2-common package of jetty
https://security.snyk.io/vuln/SNYK-JAVA-ORGECLIPSEJETTYHTTP2-5958918 here you can find the fix commits, especially for this https://github.com/jetty/jetty.project/commit/dbb94514dc9d3fb21fe92080f57c314e7e06a148