
cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor: Eclipse (fa988180-604e-5c1f-93ea-65b5297000fc)
Product: Glassfish (3ed658dd-1a46-5076-aec6-4bc3a9429438)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL | Source | Last updated
pkg:docker/glassfish | purl2cpe | 2026-06-01 10:15:03.046176
pkg:github/eclipse-ee4j/glassfish | purl2cpe | 2026-06-01 10:15:03.046178
pkg:golang/github.com/eclipse-ee4j/glassfish | purl2cpe | 2026-06-01 10:15:03.046179

Vulnerability references

Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale
CVE:CVE-2024-9329 | vulnerable | 2026-06-03 14:58:21.023445 | Glassfish redirect to untrusted site
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL, when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
Published: 2024-09-30T07:11:53.688Z
Updated: 2024-10-07T15:59:12.662Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-8646 | vulnerable | 2026-06-03 14:58:19.047660 | Eclipse Glassfish: URL redirection vulnerability to untrusted sites
MEDIUM (6.1)
In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
Published: 2024-09-11T13:26:47.468Z
Updated: 2024-09-11T13:40:06.290Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-5763 | vulnerable | 2026-06-03 14:53:49.574472 | Glassfish remote code execution
MEDIUM (6.8)
Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
Published: 2023-11-03T06:40:43.441Z
Updated: 2024-09-05T19:04:31.768Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-2712 | vulnerable | 2026-06-03 14:47:06.958345 | Details available
MEDIUM (6.5)
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
Published: 2023-01-27T00:00:00.000Z
Updated: 2025-03-27T18:48:26.469Z
Imported from gcve-enriched-dumps CVE data
