CNNVD-202511-2052 Information

CNNVD ID

CNNVD-202511-2052

Related CVE

CVE-2025-12383

• CNNVD Published: 2025-11-18

Description (Chinese)

Eclipse Jersey是Eclipse基金会的一个Java Web服务开发框架。 Eclipse Jersey 2.45版本、3.0.16版本和3.1.9版本存在竞争条件问题漏洞，该漏洞源于竞争条件可能导致忽略关键SSL配置，可能导致未经授权的信任。

Description (English)

Eclipse Jersey is a Java Web service development framework of the Eclipse Foundation. Eclipse Jersey 2.45, 3.0.16 and 3.1.9 have a gap in competition conditions, which may lead to the neglect of key SSL configurations and to unauthorized trust.

Hazard Level

Medium

Vulnerability Type

竞争条件问题

Affected Vendor

Eclipse

Published

2025-11-18

Last Modified

2026-02-24

References

https://gitlab.eclipse.org/security/cve-assignment/-/issues/74 https://access.redhat.com/security/cve/cve-2025-12383 https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://projects.eclipse.org/projects/ee4j.jersey