{"id":"CVE-2024-9408","details":"In Eclipse GlassFish since version 6.2.5 it is possible to perform a Server Side Request Forgery attack in specific endpoints.","aliases":["GHSA-f7h5-c625-3795"],"modified":"2026-04-10T05:19:42.753747Z","published":"2025-07-16T12:15:23.227Z","references":[{"type":"REPORT","url":"https://gitlab.eclipse.org/security/cve-assignement/-/issues/38"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/eclipse-ee4j/glassfish","events":[{"introduced":"0"},{"last_affected":"0159b68b362c7f4be78d1fa75aeaf2ec0b997f1d"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"6.2.5"}]}}],"versions":["6.0.0-M2-servlet5","6.1.0-M1","6.2.5","M2-servlet5","initial-contribution"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9408.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}