Eclipse Foundation Glassfish vulnerabilities
2 known vulnerabilities affecting eclipse_foundation/glassfish.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, MEDIUM 1
Vulnerabilities
CVE-2024-9329 · MEDIUM · CVSS 6.9 · CWE-233 · ≥ 5.1.0, ≤ 7.0.16 · 2024-09-30
In Eclipse Glassfish versions before 7.0.17, the Host HTTP parameter could cause the web application to redirect to the specified URL when the requested endpoint is '/management/domain'. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.
cvelistv5 · nvd
CVE-2023-5763 · CRITICAL · CVSS 9.8 · CWE-20 · ≥ 6.0.0, ≤ 6.2.5; ≥ 5.0, ≤ 5.1 · 2023-11-03
Eclipse Glassfish 5 or 6, running with old versions of JDK (lower than 6u211, or < 7u201, or < 8u191), allows remote attackers to load malicious code on the server via access to insecure ORB listeners.
cvelistv5 · nvd