Описание
Eclipse GlassFish is vulnerable to Server Side Request Forgery attacks through specific endpoints
In Eclipse GlassFish version 6.2.5, it is possible to perform a Server Side Request Forgery attack using specific endpoints.
Пакеты
Наименование
org.glassfish.main.admingui:console-common
maven
Затронутые версииВерсия исправления
<= 6.2.5
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
7 месяцев назад
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.