CVE-2024-9408

描述

In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints.

受影響套件(1)

• Maven/org.glassfish.main.admingui:console-commonfrom 0, <= 6.2.5

CVSS 分數

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-9408
• PATCHhttps://github.com/eclipse-ee4j/glassfish
• WEBhttps://gitlab.eclipse.org/security/cve-assignement/-/issues/38
• WEBhttps://gitlab.eclipse.org/security/vulnerability-reports/-/issues/239