GHSA-2mw4-wj8c-7f93

Source
https://github.com/advisories/GHSA-2mw4-wj8c-7f93
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-2mw4-wj8c-7f93/GHSA-2mw4-wj8c-7f93.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-2mw4-wj8c-7f93
Aliases
Published
2023-11-03T09:32:49Z
Modified
2024-02-16T08:11:53.682476Z
Severity
  • 6.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Summary
Eclipse Glassfish remote code execution issue
Details

Eclipse Glassfish 5 or 6, when running with old versions of the JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

Database specific
{
    "nvd_published_at": "2023-11-03T07:15:14Z",
    "cwe_ids": [
        "CWE-20",
        "CWE-913"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-03T19:46:48Z"
}
References

Affected packages

Maven / org.glassfish.main.orb:orb-connector

Package

Name
org.glassfish.main.orb:orb-connector
Purl
pkg:maven/org.glassfish.main.orb/orb-connector

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
7.0.0

Affected versions

5.*

5.0
5.0.1
5.1.0-RC1
5.1.0-RC2
5.1.0

6.*

6.0.0-M1
6.0.0-RC1
6.0.0-RC2
6.0.0-RC3
6.0.0-RC4
6.0.0
6.1.0
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5

7.*

7.0.0-M1
7.0.0-M2
7.0.0-M3
7.0.0-M4
7.0.0-M10