Eclipse Platform Vulnerability in p2 Allows Malicious Code Execution
CVE-2021-41037

10CRITICAL

Key Information:

Vendor: The Eclipse Foundation
Status: Eclipse Equinox P2
Vendor: CVE Published:; 8 July 2022

🔔 Create The Eclipse Foundation Vulnerability Alert

What is CVE-2021-41037?

A vulnerability in Eclipse p2 allows installable units to modify the Eclipse Platform installation unpredictably. This flaw can enable malicious actors to manipulate the installation process, leading to the execution of harmful code without the user being aware of the risks. While p2 includes measures for artifact signing to establish trust, it lacks equivalent strategies for the metadata associated with configuration, making it possible for unverified units to execute unauthorized commands. Users downloading software from untrusted sources might find their systems compromised without appropriate warnings regarding these risky operations.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Eclipse Equinox p2 1.0.0 < 4.28

References

https://bugs.eclipse.org/bugs/show_bug.cgi?id=577029

x_refsource_CONFIRM

https://github.com/eclipse-equinox/p2/issues/235

patch

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jul 8, 2022
Vulnerability Reserved
Sep 13, 2021

JSON

The Eclipse Foundation

What is CVE-2021-41037?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.