N/A

In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local installation, particularly by installing plug-ins that may then run malicious code.

N/A

通道可被非端点访问(中间人攻击)

Eclipse Equinox 安全漏洞

Eclipse Equinox是Eclipse基金会的一个子项目，提供OSGi R4.x 核心框架规范的认证实现。 Eclipse Equinox 4.21之前版本存在安全漏洞，该漏洞源于如果使用HTTP的p2存储库，安装可能容易受到中间人攻击。

N/A

N/A