Jetty 9.4.26.v20200117 as used by dynmap is outdated by over 5 years. There are 10 known vulnerabilities:

• 5.9 CVE-2024-8184: ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
• 3.7 CVE-2023-26049: Cookie parsing of quoted values can exfiltrate values from other cookies
• 5.3 CVE-2023-26048: OutOfMemoryError for large multipart without filename read via request.getParameter()
• 2.9 CVE-2021-34428: SessionListener can prevent a session from being invalidated breaking logout
• 7.5 CVE-2021-28165: CPU 100% receiving an invalid large TLS frame
• 5.3 CVE-2020-27223: DOS vulnerability for Quoted Quality CSV headers
• 4.8 CVE-2020-27218: Buffer not correctly recycled in Gzip Request inflation
• 3.7 CVE-2024-6763: URI parsing of invalid authority
• 5.3 CVE-2023-40167: Jetty accepts "+" prefixed value in Content-Length
• 2.7 CVE-2022-2047: Invalid URI parsing may produce invalid HttpURI.authority

I have not checked which of these apply to dynmap directly, but i would still advise updating, especially because the plugin runs on at least 13000 servers, as reported by bStats. Updating to a newer Jetty version will probably also improve performance.