Eclipse — Vulnerabilities & Security Advisories (14)

Browse all 14 CVE security advisories affecting Eclipse. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Eclipse serves as a comprehensive integrated development environment (IDE) primarily used for software development across multiple programming languages. Historically, it has been susceptible to various vulnerability classes, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation, often stemming from its extensive plugin architecture and complex codebase. Security researchers have identified over 14 CVEs, with notable incidents involving insecure deserialization flaws and improper input validation in core components. Its modular nature, while providing flexibility, introduces potential attack surfaces through third-party extensions. Regular security updates are essential for maintaining secure development environments using this platform.

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2023-5632 | Unconditionally adding an event to the epoll causes excessive CPU consumption — Mosquitto | CWE-834 | 7.5 | High | 2023-10-18 |
| CVE-2023-36478 | HTTP/2 HPACK integer overflow and buffer allocation — jetty.project | CWE-190 | 7.5 | High | 2023-10-10 |
| CVE-2023-3592 | Eclipse Mosquitto security vulnerability — Mosquitto | CWE-401 | 5.8 | Medium | 2023-10-02 |
| CVE-2023-0809 | Eclipse Mosquitto security vulnerability — Mosquitto | CWE-789 | 5.8 | Medium | 2023-10-02 |
| CVE-2023-41900 | Jetty's OpenId Revoked authentication allows one request — jetty.project | CWE-1390 | 3.5 | Low | 2023-09-15 |
| CVE-2023-40167 | Jetty accepts "+" prefixed value in Content-Length — jetty.project | CWE-130 | 5.3 | Medium | 2023-09-15 |
| CVE-2023-36479 | Jetty vulnerable to errant command quoting in CGI Servlet — jetty.project | CWE-149 | 3.5 | Low | 2023-09-15 |
| CVE-2023-26049 | Cookie parsing of quoted values can exfiltrate values from other cookies in Eclipse Jetty — jetty.project | CWE-200 | 2.4 | Low | 2023-04-18 |
| CVE-2023-26048 | OutOfMemoryError for large multipart without filename in Eclipse Jetty — jetty.project | CWE-400 | 5.3 | Medium | 2023-04-18 |
| CVE-2022-36022 | Some Deeplearning4J packages use unclaimed s3 bucket in tests and examples — deeplearning4j | CWE-344 | 5.3 | Medium | 2022-11-10 |
| CVE-2021-38443 | Eclipse CycloneDDS Improper Handling of Syntactically Invalid Structure — CycloneDDS | CWE-228 | 6.6 | Medium | 2022-05-05 |
| CVE-2021-38441 | Eclipse CycloneDDS Write-what-where Condition — CycloneDDS | CWE-123 | 6.6 | Medium | 2022-05-05 |
| CVE-2021-32835 | Groovy Sandbox escape in Eclipse Keti — keti | CWE-693 | 9.9 | - | 2021-09-09 |
| CVE-2021-32834 | Arbitrary Groovy script evaluation in Eclipse Keti — keti | CWE-94 | 8.2 | High | 2021-09-09 |

This page lists every published CVE security advisory associated with Eclipse. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.