CVE-2023-5763: Eclipse Glassfish remote code execution issue

November 3, 2023

In Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.

References

github.com/advisories/GHSA-2mw4-wj8c-7f93
gitlab.eclipse.org/security/cve-assignement/-/issues/14
glassfish.org/docs/latest/security-guide.html
nvd.nist.gov/vuln/detail/CVE-2023-5763

Code Behaviors & Features

Detect and mitigate CVE-2023-5763 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →