org.graalvm.sdk:graal-sdk 20.3.17 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.graalvm.sdk:graal-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Buffer Overflow org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Buffer Overflow in `hotspot/compiler` due to improper handling of buffers in `addnode.cpp`. How to fix Buffer Overflow? Upgrade `org.graalvm.sdk:graal-sdk` to version 17.0.15, 21.0.7, 24.0.1 or higher.	[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)
M Heap-based Buffer Overflow org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the `Graphics.copyArea` functionality in `client-libs/2d`. An attacker can manipulate memory and potentially execute code. How to fix Heap-based Buffer Overflow? Upgrade `org.graalvm.sdk:graal-sdk` to version 17.0.15, 21.0.7, 24.0.1 or higher.	[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)
C Timing Attack org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Timing Attack in `security-libs/javax.net.ssl` that exposes information from a TLS handshake via side channel. How to fix Timing Attack? Upgrade `org.graalvm.sdk:graal-sdk` to version 17.0.15, 21.0.7, 24.0.1 or higher.	[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)
L Improper Access Control org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Access Control in the `hotspot/compiler` component. An attacker can compromise data integrity. How to fix Improper Access Control? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.3.10, 22.0.1 or higher.	[,21.3.10)[22.0.0,22.0.1)
L Denial of Service (DoS) org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Denial of Service (DoS) in the `hotspot/runtime` component. How to fix Denial of Service (DoS)? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.3.10, 22.0.1 or higher.	[,21.3.10)[22.0.0,22.0.1)
H Improper Privilege Management org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Privilege Management in the `security-libs/java.security` component. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). How to fix Improper Privilege Management? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.3.9, 22.3.5 or higher.	[,21.3.9)[22.0.0,22.3.5)
M Denial of Service (DoS) org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Denial of Service (DoS) in `security-libs/javax.net.ssl`, when running untrusted code. How to fix Denial of Service (DoS)? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.1.0 or higher.	[17.0.0,21.1.0)

Vulnerability

Vulnerable Version

Buffer Overflow

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Buffer Overflow in hotspot/compiler due to improper handling of buffers in addnode.cpp.

How to fix Buffer Overflow?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)

Heap-based Buffer Overflow

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Graphics.copyArea functionality in client-libs/2d. An attacker can manipulate memory and potentially execute code.

How to fix Heap-based Buffer Overflow?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)

Timing Attack

Affected versions of this package are vulnerable to Timing Attack in security-libs/javax.net.ssl that exposes information from a TLS handshake via side channel.

How to fix Timing Attack?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)

Improper Access Control

Affected versions of this package are vulnerable to Improper Access Control in the hotspot/compiler component. An attacker can compromise data integrity.

How to fix Improper Access Control?

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.10, 22.0.1 or higher.

[,21.3.10)[22.0.0,22.0.1)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in the hotspot/runtime component.

How to fix Denial of Service (DoS)?

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.10, 22.0.1 or higher.

[,21.3.10)[22.0.0,22.0.1)

Improper Privilege Management

Affected versions of this package are vulnerable to Improper Privilege Management in the security-libs/java.security component.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

How to fix Improper Privilege Management?

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.9, 22.3.5 or higher.

[,21.3.9)[22.0.0,22.3.5)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) in security-libs/javax.net.ssl, when running untrusted code.

How to fix Denial of Service (DoS)?

Upgrade org.graalvm.sdk:graal-sdk to version 21.1.0 or higher.

[17.0.0,21.1.0)

org.graalvm.sdk:graal-sdk@20.3.17 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?