org.graalvm.sdk:graal-sdk@20.3.14 vulnerabilities

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Graphics.copyArea functionality in client-libs/2d. An attacker can manipulate memory and potentially execute code.

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Timing Attack in security-libs/javax.net.ssl that exposes information from a TLS handshake via side channel.

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Signed to Unsigned Conversion Error through the use of multiple protocols. An attacker can compromise accessible data and perform unauthorized update, insert, or delete operations by exploiting APIs in the specified component, typically through a web service which supplies data to these APIs.

Note:

This is only exploitable if Java deployments load and run untrusted code from the internet and rely on the Java sandbox for security.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.17, 21.3.13 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Access Control Bypass via the Compiler component. An attacker can manipulate data by exploiting unprotected APIs or services that interact with the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the Serialization component. An attacker can cause a partial disruption of service by exploiting network access to send crafted data to the APIs involved.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the Networking component. An attacker can cause a partial disruption of service by exploiting network protocols to send crafted data or requests.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure via the Hotspot component. An attacker with network access via multiple protocols can compromise the integrity and confidentiality of data by exploiting accessible APIs, particularly through web services that supply data to these APIs.

Note:

This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Access Control via the 2D component. An attacker can achieve unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data by exploiting the APIs through a web service which supplies data to these APIs. This is only exploitable in environments where Java applications, such as sandboxed Java Web Start applications or sandboxed Java applets, load and run untrusted code that relies on the Java sandbox for security.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.15, 21.3.11 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Resource Exhaustion via multiple protocols. An attacker can cause a partial disruption of service by exploiting network access.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.15, 21.3.11 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Access Control in the hotspot/compiler component. An attacker can compromise data integrity.

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.10, 22.0.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) in the hotspot/runtime component.

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.10, 22.0.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Privilege Management in the security-libs/java.security component.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.9, 22.3.5 or higher.