


Perceptive Security
SOC/SIEM Consultancy

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to e…
Published:
4 May 2026 at 22:00:00
Alert date:
5 May 2026 at 13:07:56
Source:
nvd.nist.gov
Enterprise Applications, Web Technologies
Eclipse Equinox OSGi versions 3.8 through 3.18 contain a critical remote code execution vulnerability in the console interface. The vulnerability allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality through telnet connections. Attackers can establish connections to the OSGi console, perform handshakes, and send fork commands to download and execute malicious Java code. This exploitation method enables attackers to establish reverse shell connections, providing complete system compromise. The vulnerability affects a wide range of versions spanning multiple years of releases.
Technical details
Mitigation steps:
Affected products:
Eclipse Equinox OSGi
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2023-54342
https://www.exploit-db.com/exploits/51878
https://www.vulncheck.com/advisories/eclipse-equinox-osgi-console-remote-code-execution
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
