org.graalvm.sdk:graal-sdk 21.3.10 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.graalvm.sdk:graal-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Signed to Unsigned Conversion Error org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Signed to Unsigned Conversion Error through the use of multiple protocols. An attacker can compromise accessible data and perform unauthorized update, insert, or delete operations by exploiting APIs in the specified component, typically through a web service which supplies data to these APIs. Note: This is only exploitable if Java deployments load and run untrusted code from the internet and rely on the Java sandbox for security. How to fix Signed to Unsigned Conversion Error? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.17, 21.3.13 or higher.	[,20.3.17)[21.0.0,21.3.13)
M Access Control Bypass org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Access Control Bypass via the `Compiler` component. An attacker can manipulate data by exploiting unprotected APIs or services that interact with the APIs. How to fix Access Control Bypass? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.16, 21.3.12 or higher.	[,20.3.16)[21.0.0,21.3.12)
M Denial of Service (DoS) org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Denial of Service (DoS) via the `Serialization` component. An attacker can cause a partial disruption of service by exploiting network access to send crafted data to the APIs involved. How to fix Denial of Service (DoS)? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.16, 21.3.12 or higher.	[,20.3.16)[21.0.0,21.3.12)
M Denial of Service (DoS) org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Denial of Service (DoS) via the `Networking` component. An attacker can cause a partial disruption of service by exploiting network protocols to send crafted data or requests. How to fix Denial of Service (DoS)? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.16, 21.3.12 or higher.	[,20.3.16)[21.0.0,21.3.12)
M Information Exposure org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Information Exposure via the `Hotspot` component. An attacker with network access via multiple protocols can compromise the integrity and confidentiality of data by exploiting accessible APIs, particularly through web services that supply data to these APIs. Note: This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. How to fix Information Exposure? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.16, 21.3.12 or higher.	[,20.3.16)[21.0.0,21.3.12)
M Improper Access Control org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Access Control via the `2D` component. An attacker can achieve unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data by exploiting the APIs through a web service which supplies data to these APIs. This is only exploitable in environments where Java applications, such as sandboxed Java Web Start applications or sandboxed Java applets, load and run untrusted code that relies on the Java sandbox for security. How to fix Improper Access Control? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.15, 21.3.11 or higher.	[20.0.0,20.3.15)[21.0.0,21.3.11)
M Resource Exhaustion org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Resource Exhaustion via multiple protocols. An attacker can cause a partial disruption of service by exploiting network access. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code. How to fix Resource Exhaustion? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.15, 21.3.11 or higher.	[,20.3.15)[21.0.0,21.3.11)

Vulnerability

Vulnerable Version

Signed to Unsigned Conversion Error

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Signed to Unsigned Conversion Error through the use of multiple protocols. An attacker can compromise accessible data and perform unauthorized update, insert, or delete operations by exploiting APIs in the specified component, typically through a web service which supplies data to these APIs.

Note:

This is only exploitable if Java deployments load and run untrusted code from the internet and rely on the Java sandbox for security.

How to fix Signed to Unsigned Conversion Error?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.17, 21.3.13 or higher.

[,20.3.17)[21.0.0,21.3.13)

Access Control Bypass

Affected versions of this package are vulnerable to Access Control Bypass via the Compiler component. An attacker can manipulate data by exploiting unprotected APIs or services that interact with the APIs.

How to fix Access Control Bypass?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16)[21.0.0,21.3.12)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via the Serialization component. An attacker can cause a partial disruption of service by exploiting network access to send crafted data to the APIs involved.

How to fix Denial of Service (DoS)?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16)[21.0.0,21.3.12)

Denial of Service (DoS)

Affected versions of this package are vulnerable to Denial of Service (DoS) via the Networking component. An attacker can cause a partial disruption of service by exploiting network protocols to send crafted data or requests.

How to fix Denial of Service (DoS)?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16)[21.0.0,21.3.12)

Information Exposure

Affected versions of this package are vulnerable to Information Exposure via the Hotspot component. An attacker with network access via multiple protocols can compromise the integrity and confidentiality of data by exploiting accessible APIs, particularly through web services that supply data to these APIs.

Note:

This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

How to fix Information Exposure?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16)[21.0.0,21.3.12)

Improper Access Control

Affected versions of this package are vulnerable to Improper Access Control via the 2D component. An attacker can achieve unauthorized update, insert, or delete access to some accessible data as well as unauthorized read access to a subset of accessible data by exploiting the APIs through a web service which supplies data to these APIs. This is only exploitable in environments where Java applications, such as sandboxed Java Web Start applications or sandboxed Java applets, load and run untrusted code that relies on the Java sandbox for security.

How to fix Improper Access Control?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.15, 21.3.11 or higher.

[20.0.0,20.3.15)[21.0.0,21.3.11)

Resource Exhaustion

Affected versions of this package are vulnerable to Resource Exhaustion via multiple protocols. An attacker can cause a partial disruption of service by exploiting network access.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code.

How to fix Resource Exhaustion?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.15, 21.3.11 or higher.

[,20.3.15)[21.0.0,21.3.11)

org.graalvm.sdk:graal-sdk@21.3.10 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?