31 matches found
EUVD-2024-1371
Malicious code in bioql PyPI...
EUVD-2024-2751
Malicious code in bioql PyPI...
EUVD-2024-49786
Malicious code in bioql PyPI...
CVE-2024-9202
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-8642
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-4536
In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, in the EDC Connector component https://github.com/eclipse-edc/Connector, an attacker might obtain OAuth2 client secrets from the vault. In Eclipse Dataspace Components from version 0.2.1 to 0.6.2, we have identified a security...
CVE-2024-9202
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202 EDC DataSetResolver policy filtering missing
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202 EDC DataSetResolver policy filtering missing
In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single...
CVE-2024-9202
CVE-2024-9202 affects Eclipse Dataspace Components versions 0.1.3–0.9.0. The Connector’s catalog filtering fails for single-dataset requests, potentially allowing unauthorized parties to view restricted datasets. The issue stems from missing filtering in the DatasetResolverImpl (lines 76–79). Exp...
Eclipse Dataspace Components security vulnerability
Eclipse Dataspace Components is a development connector for the Eclipse Dataspace Components open source. A security vulnerability exists in Eclipse Dataspace Components versions 0.1.3 through 0.9.0, which stems from a lack of proper filtering to expose sensitive information...
PT-2024-39485 · Eclipse · Eclipse Dataspace Components
Name of the Vulnerable Software and Affected Versions: Eclipse Dataspace Components versions 0.1.3 through 0.9.0 Description: The issue concerns the Connector component in Eclipse Dataspace Components, which is responsible for filtering datasets that another party can see in a requested catalog...
GHSA-8259-2X72-2GVC Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-8642
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-8642
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-8642 Eclipse EDC: Consumer pull transfer token validation checks not applied
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-8642 Eclipse EDC: Consumer pull transfer token validation checks not applied
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity expiry, not-before, issuance date, which can allow an attacker to bypass the check for token expiration. The issue requires to have ...
CVE-2024-8642
CVE-2024-8642 affects Eclipse Dataspace Components: versions 0.5.0 up to before 0.9.0 suffer from a missing token validity check in ConsumerPullTransferTokenValidationApiController (expiry, not-before, issuance date). This can enable bypass of token expiration protections when a dataplane is conf...