Critical
CVSS 9.8
Overview
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.
CVE-2024-9408
In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side...
Risk analysis
This vulnerability is rated 🔴 CRITICAL.
- CVSS: 9.8 (CRITICAL)
- Detected tags: ssrf (tag impact: MODERATE)
Recommended actions:
- Deny access to internal/metadata addresses; use outbound allowlists.