
3541 matches found

OSV
added 2025/05/21 7:16 a.m. | 0 views

UBUNTU-CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...

CVSS 6.8 | AI score 7.1 | EPSS 0.00197
Exploits: 1 | References: 4
Vulnrichment
added 2025/05/21 6:47 a.m. | 10 views

CVE-2025-4949 XXE vulnerability in Eclipse JGit

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...

CVSS 6.8 | AI score 7 | EPSS 0.00197
Exploits: 1 | References: 7
Cvelist
added 2025/05/21 6:47 a.m. | 18 views

CVE-2025-4949 XXE vulnerability in Eclipse JGit

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...

CVSS 6.8 | EPSS 0.00197
Exploits: 1 | References: 7
Debian CVE
added 2025/05/21 6:47 a.m. | 8 views

CVE-2025-4949

In Eclipse JGit versions 7.2.0.202503040940-r and older, the ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol allowing to store git pack files in an Amazon S3 bucket, are vulnerable to XML External Entity (XXE)...

CVSS 6.8 | AI score 6.5 | EPSS 0.00197
Exploits: 1
CVE
added 2025/05/21 6:47 a.m. | 236 views

CVE-2025-4949

CVE-2025-4949 is an XXE vulnerability in Eclipse JGit (ManifestParser used by repo and AmazonS3 transport). IBM documentation links this CVE to IBM WebMethods Integration (on prem) 11.1 with fixes in 11.1 Fix 2 and related 2.0.3 components; IBM security pages list a remediation path via updating ...

CVSS 6.8 | AI score 5.3 | EPSS 0.00197
Exploits: 1 | References: 7 | Affected Software: 1
Positive Technologies
added 2025/05/21 12:0 a.m. | 3 views

PT-2025-22326

Name of the Vulnerable Software and Affected Versions: Eclipse JGit versions 7.2.0.202503040940-r and older. Description: The ManifestParser class used by the repo command and the AmazonS3 class used to implement the experimental amazons3 git transport protocol are vulnerable to XML External Entity...

CVSS 9.8 | AI score 7 | EPSS 0.00197
Exploits: 1 | References: 31
CNNVD
added 2025/05/21 12:0 a.m. | 2 views

Eclipse JGit Code Issue Vulnerability

Eclipse JGit is an open source Java implementation of the Eclipse Foundation for handling the Git version control system. A security vulnerability exists in Eclipse JGit 7.2.0.202503040940-r and prior versions, which stems from an XML external entity attack when parsing XML files, which could lea...

CVSS 9.8 | AI score 6 | EPSS 0.00197
Exploits: 1 | References: 8
Spring Engineering
added 2025/05/15 12:0 a.m. | 6 views

A Bootiful Podcast: Donald Raab on Eclipse Collections

Hi, Spring fans! In this edition, we talk to Eclipse Collections founder Donald Raab...

AI score 7.2
Exploits: 0
OpenVAS
added 2025/05/15 12:0 a.m. | 9 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-q4rv-gq96-w7c5) - Windows

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

CVSS 7.2 | AI score 6.9 | EPSS 0.00554
Exploits: 0 | References: 2
OpenVAS
added 2025/05/15 12:0 a.m. | 4 views

Eclipse Jetty DoS Vulnerability (GHSA-889j-63jv-qhr8) - Linux

Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 7.5 | AI score 7.4 | EPSS 0.00576
Exploits: 0 | References: 2
OpenVAS
added 2025/05/15 12:0 a.m. | 12 views

Eclipse Jetty Information Disclosure Vulnerability (GHSA-q4rv-gq96-w7c5) - Linux

Eclipse Jetty is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty"...

CVSS 7.2 | AI score 6.9 | EPSS 0.00554
Exploits: 0 | References: 2
OpenVAS
added 2025/05/15 12:0 a.m. | 6 views

Eclipse Jetty DoS Vulnerability (GHSA-889j-63jv-qhr8) - Windows

Eclipse Jetty is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

CVSS 7.5 | AI score 7.4 | EPSS 0.00576
Exploits: 0 | References: 2
Tenable Nessus
added 2025/05/14 12:0 a.m. | 5 views

IBM Java 7.1 < 7.1.5.26 / 8.0 < 8.0.8.45

The version of IBM Java installed on the remote host is 7.1 prior to 7.1.5.26 / 8.0 prior to 8.0.8.45. It is, therefore, affected by a vulnerability as referenced in the IBM Security Update May 2025 advisory. - In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based...

CVSS 7.8 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 3
Amazon
added 2025/05/13 12:0 a.m. | 14 views

Low: jetty

Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a...

CVSS 3.6 | AI score 6.7 | EPSS 0.00294
Exploits: 1
Amazon
added 2025/05/13 12:0 a.m. | 2 views

Low: jetty

Issue Overview: For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, if an exception is thrown from the SessionListener#sessionDestroyed() method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a...

CVSS 3.6 | AI score 6.9 | EPSS 0.00294
Exploits: 1
RedhatCVE
added 2025/05/11 9:8 p.m. | 29 views

CVE-2025-4447

A flaw was found in Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8. A stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts...

CVSS 7 | AI score 7.2 | EPSS 0.00234
Exploits: 0 | References: 7
RedhatCVE
added 2025/05/10 6:8 p.m. | 13 views

CVE-2024-13009

A flaw was found in Eclipse Jetty. This vulnerability allows corrupted and inadvertent data sharing between requests via a gzip error when inflating a request body. If the request body is malformed, the gzip decompression process can fail, resulting in the application inadvertently using data fro...

CVSS 7.2 | AI score 6.6 | EPSS 0.00554
Exploits: 0 | References: 5
OSV
added 2025/05/09 9:15 p.m. | 1 views

CVE-2025-4447

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts...

CVSS 7.8 | AI score 6.6
Exploits: 0 | References: 2
NVD
added 2025/05/09 9:15 p.m. | 14 views

CVE-2025-4447

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts...

CVSS 7.8 | EPSS 0.00234
Exploits: 0 | References: 2
Vulnrichment
added 2025/05/09 8:40 p.m. | 12 views

CVE-2025-4447 Buffer Overflow in Eclipse OpenJ9

In Eclipse OpenJ9 versions up to 0.51, when used with OpenJDK version 8 a stack based buffer overflow can be caused by modifying a file on disk that is read when the JVM starts...

CVSS 7 | AI score 6.8 | EPSS 0.00234
Exploits: 0 | References: 2