Vulnerabilities > Eclipse

DATE CVE VULNERABILITY TITLE RISK
2021-03-09 CVE-2020-27225 Missing Authentication for Critical Function vulnerability in Eclipse Platform
In versions 4.18 and earlier of the Eclipse Platform, the Help Subsystem does not authenticate active help requests to the local help web server, allowing an unauthenticated local attacker to issue active help commands to the associated Eclipse Platform process or Eclipse Rich Client Platform process.
local
low complexity
eclipse CWE-306
4.6
2021-02-26 CVE-2020-27223 Resource Exhaustion vulnerability in multiple products
In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of “quality” (i.e.
network
low complexity
eclipse apache netapp debian oracle CWE-400
5.3
2021-02-24 CVE-2020-27224 Cross-site Scripting vulnerability in Eclipse Theia
In Eclipse Theia versions up to and including 1.2.0, the Markdown Preview (@theia/preview) can be exploited to execute arbitrary code.
network
eclipse CWE-79
critical
9.3
2021-02-03 CVE-2020-27222 Unspecified vulnerability in Eclipse Californium
In Eclipse Californium versions 2.3.0 to 2.6.0, the certificate-based (x509 and RPK) DTLS handshakes accidentally fail, because the DTLS server side sticks to a wrong internal state.
network
low complexity
eclipse
5.0
2021-01-21 CVE-2020-27221 Out-of-bounds Write vulnerability in Eclipse Openj9
In Eclipse OpenJ9 up to and including version 0.23, there is potential for a stack-based buffer overflow when the virtual machine or JNI natives are converting from UTF-8 characters to platform encoding.
network
low complexity
eclipse CWE-787
7.5
2021-01-20 CVE-2020-35217 Cross-Site Request Forgery (CSRF) vulnerability in Eclipse Vert.X-Web 4.0.0
Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification.
network
eclipse CWE-352
6.8
2021-01-14 CVE-2020-27220 Missing Authorization vulnerability in Eclipse Hono
The Eclipse Hono AMQP and MQTT protocol adapters do not check whether an authenticated gateway device is authorized to receive command & control messages when it has subscribed only to commands for a specific device.
network
low complexity
eclipse CWE-862
critical
9.0
2021-01-14 CVE-2020-27219 Cross-site Scripting vulnerability in Eclipse Hawkbit
In all versions of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not Found) JSON response body returned by the REST API may contain unsafe characters within the path attribute.
network
eclipse CWE-79
4.3
2020-12-14 CVE-2020-14368 Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE
A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces.
network
high complexity
eclipse CWE-352
4.6
2020-11-28 CVE-2020-27218 In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.
network
high complexity
eclipse netapp oracle apache debian
4.8