Eclipse · Eclipse Glassfish · CVE-2023-5763
**Name of the Vulnerable Software and Affected Versions**
Eclipse Glassfish versions 5 or 6
**Description**
The issue exists due to insufficient input validation, allowing a remote attacker to load malicious code on the server. This can be achieved via access to insecure ORB listeners when running with old versions of JDK, specifically lower than 6u211, 7u201, or 8u191.
**Recommendations**
For Eclipse Glassfish versions 5 or 6, update the JDK to version 6u211, 7u201, or 8u191 or later to resolve the issue.
As a temporary workaround, consider restricting access to insecure ORB listeners until a patch is available.