VYPR

Eclipse Dataspace Components

by Eclipse

Source repositories

CVEs (2)

  • CVE-2024-8642HigSep 11, 2024
    risk 0.46cvss 8.1epss 0.00

    In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for token expiration. The…

  • CVE-2024-9202Sep 27, 2024
    risk 0.00cvss epss 0.00

    In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to…