VYPR

Maven package

org.eclipse.edc/transfer-data-plane

pkg:maven/org.eclipse.edc/transfer-data-plane

Vulnerabilities (1)

  • CVE-2024-8642HigSep 11, 2024
    affected >= 0.5.0, < 0.9.0fixed 0.9.0

    In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The issu