Vulnerability Information
Vulnerability Title
Eclipse EDC: Consumer pull transfer token validation checks not applied
Vulnerability Description
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issue requires a dataplane configured to support HTTP proxy consumer pull AND the inclusion of the module "transfer-data-plane". The affected code was marked deprecated from version 0.6.0 in favour of Dataplane Signaling. In 0.9.0 the vulnerable code has been removed.
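The gap described above, shown as an added example that is not Eclipse EDC code: a signature-only check next to one that also enforces expiry, not-before and issuance date. It assumes JWT-style numeric `exp`, `nbf` and `iat` claims and an HS256 token; the key, the leeway, the function names and the strict rejection of missing claims are choices made for this illustration.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-key"   # constructed for the example, not a real key
LEEWAY = 30                     # assumed clock-skew tolerance, in seconds

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(claims):
    """Build a constructed HS256 token for the demonstration."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(sig)}"

def verify_signature(token):
    """Signature check only: time claims are never looked at."""
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    want = hmac.new(KEY, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, _unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))

def verify_full(token, now=None):
    """Signature check plus expiry, not-before and issuance-date checks."""
    claims = verify_signature(token)
    now = time.time() if now is None else now
    for name in ("exp", "nbf", "iat"):
        # bool is an int subclass in Python, so compare exact types
        if type(claims.get(name)) not in (int, float):
            raise ValueError(f"missing or non-numeric {name}")
    if now >= claims["exp"] + LEEWAY:
        raise ValueError("token expired")
    if now < claims["nbf"] - LEEWAY:
        raise ValueError("token not yet valid")
    if claims["iat"] > now + LEEWAY:
        raise ValueError("token issued in the future")
    return claims
```

A token that expired an hour ago passes `verify_signature` unchanged, while `verify_full` rejects it with "token expired".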
CVSS Information
N/A
Vulnerability Type
Incorrect Implementation of Authentication Algorithm
Vulnerability Title
Eclipse Dataspace Components Security Vulnerability
Vulnerability Description
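Eclipse Dataspace Components is a development connector open-sourced by Eclipse Dataspace Components. A security vulnerability exists in Eclipse Dataspace Components from version 0.5.0 up to, but not including, version 0.9.0. The vulnerability stems from token validity not being checked, which can allow an attacker to bypass the check for token expiration.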
CVSS Information
N/A
Vulnerability Type
N/A