The Jetty security vulnerabilities reported in DevTest 10.3 are for jetty-version-9.3.11(jetty-all-9.3.11.v20160721-uber.jar).
To resolve this issue we required to upgrade the jetty server with jetty-all-9.3.24.v20180605-uber.jar. It is not possible to provide a patch to remediate these vulnerabilities because changing the jar version breaks the classes and some other existing jars version does not support the jetty-all-9.3.24.v20180605-uber.jar.
A patch on top of DevTest 10.6 is available.
Please open a support case to request the patch.