Community
Participate
Working Groups
project: Eclipse OMR versions: all cwe: CWE-264 http://cwe.mitre.org/data/definitions/264.html Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control. summary: AIX builds of Eclipse OMR contain unused RPATHs which may facilitate code injection and privilege elevation by local users. - see also https://nvd.nist.gov/vuln/detail/CVE-2018-1890
This problem has been resolved via https://github.com/eclipse/omr/pull/4136
I've assigned CVE-2019-11773
The project's 0.1 release scheduled for September 18. Shall I update the version on this CVE to be "all versions prior to 0.1" and submit?
Sure, sounds reasonable to me (in the absence of any explicit way to refer to such "releases" :) )
I've created a pull-request with the central authority. https://github.com/CVEProject/cvelist/pull/2543