In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed. This vulnerability is caused by the vulnerability (CVE-2023-41080) in the Apache code included in GlassFish. This vulnerability only affects applications that are explicitly deployed to the root context ('/').
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.glassfish.main.web:web-core(Maven) | 0 | 7.0.10 | N/A |
CVSS Metrics
