{"id":"CVE-2024-8646","details":"In Eclipse GlassFish versions prior to 7.0.10, a vulnerability existed that allowed URL redirection to untrusted sites.\nIt is caused by a vulnerability (CVE-2023-41080) in the Apache code included in GlassFish.\nIt only affects applications that are explicitly deployed to the root context ('/').","aliases":["GHSA-7gq2-vwq9-w8vw"],"modified":"2026-04-10T05:19:54.695377Z","published":"2024-09-11T14:15:14.307Z","references":[{"type":"WEB","url":"https://glassfish.org/download"},{"type":"ADVISORY","url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/34"},{"type":"REPORT","url":"https://gitlab.eclipse.org/security/vulnerability-reports/-/issues/163"},{"type":"FIX","url":"https://github.com/eclipse-ee4j/glassfish/pull/24655"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-ee4j/glassfish","events":[{"introduced":"f9bbc00497a321c38f4b61ef4b8c2a4f1294b3aa"},{"fixed":"b57abb800a07df684bfc0ebc66d00446e2ac56f6"}],"database_specific":{"versions":[{"introduced":"5.1.0"},{"fixed":"7.0.10"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8646.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}