CVE-2024-8642 – Eclipse EDC: Consumer pull transfer token validation checks not applied
https://notcve.org/view.php?id=CVE-2024-8642
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires to have a dataplane configured to support http proxy consumer pull AND include the module "transfer-data-plane". The affected code was marked deprecated from the version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed. • https://github.com/eclipse-edc/Connector/commit/04899e91dcdb4a407db4eb7af3e7b6ff9a9e9ad6 https://github.com/eclipse-edc/Connector/releases/tag/v0.9.0 https://gitlab.eclipse.org/security/cve-assignement/-/issues/28 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/234 • CWE-303: Incorrect Implementation of Authentication Algorithm CWE-305: Authentication Bypass by Primary Weakness •
CVE-2024-8646 – Eclipse Glassfish: URL redirection vulnerability to untrusted sites
https://notcve.org/view.php?id=CVE-2024-8646
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/'). • https://github.com/eclipse-ee4j/glassfish/pull/24655 https://gitlab.eclipse.org/security/cve-assignement/-/issues/34 https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163 https://glassfish.org/download • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2024-8391 – Eclipse Vert.x gRPC server does not limit the maximum message size
https://notcve.org/view.php?id=CVE-2024-8391
In Eclipse Vert.x version 4.3.0 to 4.5.9, the gRPC server does not limit the maximum length of message payload (Maven GAV: io.vertx:vertx-grpc-server and io.vertx:vertx-grpc-client). This is fixed in the 4.5.10 version. Note this does not affect the Vert.x gRPC server based grpc-java and Netty libraries (Maven GAV: io.vertx:vertx-grpc) A flaw was found in the gRPC server in Eclipse Vert.x, which does not limit the maximum length of the message payload. This may lead to excessive memory consumption in a server or a client, causing a denial of service. • https://github.com/eclipse-vertx/vertx-grpc/issues/113 https://gitlab.eclipse.org/security/cve-assignement/-/issues/31 https://access.redhat.com/security/cve/CVE-2024-8391 https://bugzilla.redhat.com/show_bug.cgi?id=2309758 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2023-7272 – Eclipse Parsson stack overflow with deeply nested objects
https://notcve.org/view.php?id=CVE-2023-7272
In Eclipse Parsson before 1.0.4 and 1.1.3, a document with a large depth of nested objects can allow an attacker to cause a Java stack overflow exception and denial of service. Eclipse Parsson allows processing (e.g. parse, generate, transform and query) JSON documents. En Eclipse Parsson anterior a 1.0.4 y 1.1.3, un documento con una gran profundidad de objetos anidados puede permitir que un atacante provoque una excepción de desbordamiento de pila de Java y denegación de servicio. Eclipse Parsson permite procesar (por ejemplo, analizar, generar, transformar y consultar) documentos JSON. • https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/12 • CWE-787: Out-of-bounds Write •
CVE-2024-3933 – Eclipse Open J9 With -Xgc:concurrentScavenge on IBM Z, could write/read outside of a buffer
https://notcve.org/view.php?id=CVE-2024-3933
In Eclipse OpenJ9 release versions prior to 0.44.0 and after 0.13.0, when running with JVM option -Xgc:concurrentScavenge, the sequence generated for System.arrayCopy on the IBM Z platform with hardware and software support for guarded storage [1], could allow access to a buffer with an incorrect length value when executing an arraycopy sequence while the Concurrent Scavenge Garbage Collection cycle is active and the source and destination memory regions for arraycopy overlap. This allows read and write to addresses beyond the end of the array range. En las versiones de Eclipse OpenJ9 anteriores a 0.44.0 y posteriores a 0.13.0, cuando se ejecuta con la opción JVM -Xgc:concurrentScavenge, la secuencia generada para System.arrayCopy en la plataforma IBM Z con soporte de hardware y software para almacenamiento protegido [1], podría permitir el acceso a un búfer con un valor de longitud incorrecto al ejecutar una secuencia de copia de matriz mientras el ciclo de recolección de basura de recuperación concurrente está activo y las regiones de memoria de origen y destino para la copia de matriz se superponen. Esto permite leer y escribir en direcciones más allá del final del rango de la matriz. • https://github.com/eclipse/omr/pull/7275 https://gitlab.eclipse.org/security/cve-assignement/-/issues/21 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write CWE-805: Buffer Access with Incorrect Length Value •