GitHub user matthiasblaesing added a comment to the discussion: OSGI Security Vulnerability
>From my pespective "remote code execution" requires a network connection. >NetBeans opens a single socket (you can check for example on Linux with the >`ss` tool or `netstat` on windows. That socket is used for CLI integration and >is bound to localhost (on my machine IPv6 `::1`). The exploit code says: > This tool will let you open a reverse shell from the system that is running > OSGi with the '-console' option in versions between 3.8 and 3.18. That matches the observation, that I don't see an open port. GitHub link: https://github.com/apache/netbeans/discussions/9401#discussioncomment-16979777 ---- This is an automatically sent email for [email protected]. To unsubscribe, please send an email to: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] For further information about the NetBeans mailing lists, visit: https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists
