In Eclipse Jetty, versions 12.0.0-12.0.31 and 12.1.0-12.0.5, class GzipHandler exposes a vulnerability when a compressed HTTP request, with Content-Encoding: gz…

Eclipse Jetty versions 12.0.0-12.0.31 and 12.1.0-12.0.5 contain a memory leak vulnerability in the GzipHandler class. The vulnerability occurs when processing compressed HTTP requests with Content-Encoding: gzip where the response is not compressed. The JDK Inflater allocated for decompressing the request is not properly released because the release mechanism is tied to compressed responses. When responses are uncompressed, the release mechanism fails to trigger, causing a memory leak that could lead to resource exhaustion.