Skip to content

In all released versions of Eclipse Equinox, at least...

High severity Unreviewed Published May 24, 2022 to the GitHub Advisory Database • Updated Jan 30, 2023

Package

No package listedSuggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

References

Published by the National Vulnerability Database Sep 13, 2021
Published to the GitHub Advisory Database May 24, 2022
Last updated Jan 30, 2023

Severity

High

EPSS score

0.128%
(49th percentile)

Weaknesses

CVE ID

CVE-2021-41033

GHSA ID

GHSA-c5fh-3q27-g4r5

Source code

No known source code

Dependabot alerts are not supported on this advisory because it does not have a package from a supported ecosystem with an affected and fixed version.

Learn more about GitHub language support

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.