Maven package
org.eclipse.edc/transfer-data-plane
pkg:maven/org.eclipse.edc/transfer-data-plane
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-8642 | Hig | 8.1 | >= 0.5.0, < 0.9.0 | 0.9.0 | Sep 11, 2024 | In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issu |
- affected >= 0.5.0, < 0.9.0fixed 0.9.0
In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issu