Vulnerabilities > Eclipse > Eclipse Dataspace Components > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-11 CVE-2024-8642 Improper Authentication vulnerability in Eclipse Dataspace Components
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration.
network
low complexity
eclipse CWE-287
8.1