VYPR

Eclipse.equinox.bundles

by Eclipse

CVEs (2)

  • CVE-2021-41037Jul 8, 2022
    risk 0.00cvss epss 0.01

    In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings…

  • CVE-2021-41033Sep 13, 2021
    risk 0.00cvss epss 0.01

    In all released versions of Eclipse Equinox, at least until version 4.21 (September 2021), installation can be vulnerable to man-in-the-middle attack if using p2 repos that are HTTP; that can then be exploited to serve incorrect p2 metadata and entirely alter the local…