CRITICAL SeverityCVSS 4.09.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVE-2023-54344

Last updated May 05, 2026 · Published May 05, 2026

Description

Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by sending payloads to the console interface. Attackers can connect to the OSGi console port and send base64-encoded bash commands wrapped in fork directives to achieve code execution and establish reverse shell connections.

Affected products

1 listed

equinox:[OSGi

Mappings

CWE

CWE-306

CAPEC

None listed.

Research

AuthenticationA threat-focused guide to authentication, covering attack paths, design pitfalls, and concrete defenses from…

Guides

JWT Security Best PracticesWhat to validate, rotate, and avoid in real systems.
OAuth 2.0 Security Best PracticesCommon pitfalls in PKCE, tokens, and redirect handling.

Training

Authentication PatternsOAuth 2.1, passkeys, WebAuthn, and JWTs - modern identity for modern apps.
Injection TodaySQL, NoSQL, ORM, and LLM injection - what's changed and what hasn't.
Input Validation and Schema EnforcementValidate early, validate strictly - schemas, allowlists, and type-safe boundaries.

CVE-2023-54344

Description

Affected products

Mappings

Related