9 matches found
Exploit for OS Command Injection in Std42 Elfinder
CVE-2019-9194 — elFinder Command Injection PoC Command in...
EUVD-2024-49786
Malicious code in bioql PyPI...
CVE-2024-9202
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202 EDC DataSetResolver policy filtering missing
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202 EDC DataSetResolver policy filtering missing
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202
CVE-2024-9202 affects Eclipse Dataspace Components versions 0.1.3–0.9.0. The Connector’s catalog filtering fails for single-dataset requests, potentially allowing unauthorized parties to view restricted datasets. The issue stems from missing filtering in the DatasetResolverImpl (lines 76–79). Exp...
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component, an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security vulnerability in the EDC Connector component...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector, an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-4536 Eclipse EDC: OAuth2 Credential Exfiltration Vulnerability
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector, an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...