java-11-amazon-corretto vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the java-11-amazon-corretto package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L Out-of-bounds Write	<1:11.0.23+9-1.amzn2
L Improper Output Neutralization for Logs	<1:11.0.23+9-1.amzn2
L Reliance on Reverse DNS Resolution for a Security-Critical Action	<1:11.0.23+9-1.amzn2
L Uncontrolled Memory Allocation	<1:11.0.23+9-1.amzn2
L Integer Overflow or Wraparound	<1:11.0.23+9-1.amzn2
H CVE-2024-20925	<1:11.0.22+7-1.amzn2
H Integer Overflow or Wraparound	<1:11.0.22+7-1.amzn2
H CVE-2024-20923	<1:11.0.22+7-1.amzn2
H Improper Input Validation	<1:11.0.22+7-1.amzn2
H Improper Input Validation	<1:11.0.22+7-1.amzn2
H Covert Timing Channel	<1:11.0.22+7-1.amzn2
H Improper Input Validation	<1:11.0.22+7-1.amzn2
H Information Exposure Through Log Files	<1:11.0.22+7-1.amzn2
H CVE-2024-20922	<1:11.0.22+7-1.amzn2
M Improper Certificate Validation	<1:11.0.21+9-1.amzn2
M Out-of-bounds Read	<1:11.0.20+8-1.amzn2
M Allocation of Resources Without Limits or Throttling	<1:11.0.20+8-1.amzn2
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:11.0.20+8-1.amzn2
M CVE-2023-22043	<1:11.0.20+8-1.amzn2
M Directory Traversal	<1:11.0.20+8-1.amzn2
M Small Space of Random Values	<1:11.0.20+8-1.amzn2
M Directory Traversal	<1:11.0.20+8-1.amzn2
H Improper Enforcement of Message Integrity During Transmission in a Communication Channel	<1:11.0.19+7-1.amzn2
H Information Exposure	<1:11.0.19+7-1.amzn2
H Improper Input Validation	<1:11.0.19+7-1.amzn2
H Improper Neutralization of Null Byte or NUL Character	<1:11.0.19+7-1.amzn2
H Improperly Implemented Security Check for Standard	<1:11.0.19+7-1.amzn2
H Improper Input Validation	<1:11.0.19+7-1.amzn2
H Improper Neutralization of Null Byte or NUL Character	<1:11.0.19+7-1.amzn2
M Resource Exhaustion	<1:11.0.18+10-1.amzn2
M Reliance on File Name or Extension of Externally-Supplied File	<1:11.0.18+10-1.amzn2
M Deserialization of Untrusted Data	<1:11.0.18+10-1.amzn2
M Resource Exhaustion	<1:11.0.17+8-1.amzn2
M Buffer Overflow	<1:11.0.17+8-1.amzn2
M Authentication Bypass	<1:11.0.17+8-1.amzn2
M Integer Coercion Error	<1:11.0.17+8-1.amzn2
M Allocation of Resources Without Limits or Throttling	<1:11.0.17+8-1.amzn2
M Use of Insufficiently Random Values	<1:11.0.17+8-1.amzn2
H Resource Leak	<1:11.0.16+8-1.amzn2
H Integer Coercion Error	<1:11.0.16+8-1.amzn2
H Improper Access Control	<1:11.0.16+8-1.amzn2
H Integer Underflow	<1:11.0.15+9-1.amzn2
H Incorrect Behavior Order: Early Validation	<1:11.0.15+9-1.amzn2
H Improper Use of Validation Framework	<1:11.0.15+9-1.amzn2
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<1:11.0.15+9-1.amzn2
H Resource Exhaustion	<1:11.0.15+9-1.amzn2
H Integer Underflow	<1:11.0.15+9-1.amzn2
H Improper Use of Validation Framework	<1:11.0.15+9-1.amzn2
H Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')	<1:11.0.15+9-1.amzn2
H Incorrect Behavior Order: Early Validation	<1:11.0.15+9-1.amzn2
H Resource Exhaustion	<1:11.0.15+9-1.amzn2
M Improper Authorization	<1:11.0.14+9-1.amzn2
M Uncaught Exception	<1:11.0.14+9-1.amzn2
M Allocation of Resources Without Limits or Throttling	<1:11.0.14+9-1.amzn2
M Deserialization of Untrusted Data	<1:11.0.14+9-1.amzn2
M Allocation of Resources Without Limits or Throttling	<1:11.0.14+9-1.amzn2
M Allocation of Resources Without Limits or Throttling	<1:11.0.14+9-1.amzn2
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:11.0.14+9-1.amzn2
M Improper Use of Validation Framework	<1:11.0.14+9-1.amzn2
M Integer Overflow or Wraparound	<1:11.0.14+9-1.amzn2
M Improper Cross-boundary Removal of Sensitive Data	<1:11.0.14+9-1.amzn2
M Allocation of Resources Without Limits or Throttling	<1:11.0.14+9-1.amzn2
M Allocation of Resources Without Limits or Throttling	<1:11.0.14+9-1.amzn2
M Out-of-bounds Write	<1:11.0.14+9-1.amzn2
M Improper Use of Validation Framework	<1:11.0.14+9-1.amzn2
M Integer Overflow or Wraparound	<1:11.0.14+9-1.amzn2
C Deserialization of Untrusted Data	<1:11.0.13+8-2.amzn2
C Deserialization of Untrusted Data	<1:11.0.13+8-2.amzn2
H Out-of-bounds Write	<1:11.0.13+8-1.amzn2
H CVE-2021-35567	<1:11.0.13+8-1.amzn2
H CVE-2021-35586	<1:11.0.13+8-1.amzn2
H CVE-2021-35603	<1:11.0.13+8-1.amzn2
H CVE-2021-35565	<1:11.0.13+8-1.amzn2
H CVE-2021-35578	<1:11.0.13+8-1.amzn2
H CVE-2021-35564	<1:11.0.13+8-1.amzn2
H Incorrect Authorization	<1:11.0.13+8-1.amzn2
H CVE-2021-35588	<1:11.0.13+8-1.amzn2
H Incorrect Authorization	<1:11.0.13+8-1.amzn2
H CVE-2021-35556	<1:11.0.13+8-1.amzn2
H Out-of-bounds Read	<1:11.0.13+8-1.amzn2
H CVE-2021-35561	<1:11.0.13+8-1.amzn2
H CVE-2021-2341	<1:11.0.12+7-1.amzn2
H CVE-2021-2369	<1:11.0.12+7-1.amzn2
H CVE-2021-2388	<1:11.0.12+7-1.amzn2
H CVE-2020-14581	<1:11.0.8+10-1.amzn2
H CVE-2020-14577	<1:11.0.8+10-1.amzn2
H CVE-2020-14583	<1:11.0.8+10-1.amzn2
H CVE-2020-14621	<1:11.0.8+10-1.amzn2
H CVE-2020-14556	<1:11.0.8+10-1.amzn2
H CVE-2020-14593	<1:11.0.8+10-1.amzn2
H CVE-2020-14562	<1:11.0.8+10-1.amzn2
H CVE-2020-2830	<1:11.0.7+10-1.amzn2
H CVE-2020-2803	<1:11.0.7+10-1.amzn2
H CVE-2020-2805	<1:11.0.7+10-1.amzn2
H Deserialization of Untrusted Data	<1:11.0.7+10-1.amzn2
H CVE-2020-2800	<1:11.0.7+10-1.amzn2
H CVE-2020-2816	<1:11.0.7+10-1.amzn2
H CVE-2020-2773	<1:11.0.7+10-1.amzn2
H CVE-2020-2755	<1:11.0.7+10-1.amzn2
H CVE-2020-2778	<1:11.0.7+10-1.amzn2
H CVE-2020-2754	<1:11.0.7+10-1.amzn2
H CVE-2020-2767	<1:11.0.7+10-1.amzn2
H CVE-2020-2781	<1:11.0.7+10-1.amzn2
H Deserialization of Untrusted Data	<1:11.0.7+10-1.amzn2
H Deserialization of Untrusted Data	<1:11.0.6+10-1.amzn2
H CVE-2020-2654	<1:11.0.6+10-1.amzn2
H CVE-2020-2655	<1:11.0.6+10-1.amzn2
H Divide By Zero	<1:11.0.6+10-1.amzn2
H CVE-2020-2659	<1:11.0.6+10-1.amzn2
H CVE-2020-2593	<1:11.0.6+10-1.amzn2
H Improper Handling of Exceptional Conditions	<1:11.0.6+10-1.amzn2
H Access of Resource Using Incompatible Type ('Type Confusion')	<1:11.0.6+10-1.amzn2
H CVE-2020-2590	<1:11.0.6+10-1.amzn2
H CVE-2020-2585	<1:11.0.6+10-1.amzn2
H Use of Uninitialized Resource	<1:11.0.6+10-1.amzn2
H CVE-2020-2601	<1:11.0.6+10-1.amzn2
H CVE-2019-2977	<1:11.0.5+10-1.amzn2
H CVE-2019-2999	<1:11.0.5+10-1.amzn2
H CVE-2019-2989	<1:11.0.5+10-1.amzn2
H CVE-2019-2987	<1:11.0.5+10-1.amzn2
H CVE-2019-2949	<1:11.0.5+10-1.amzn2
H CVE-2019-2981	<1:11.0.5+10-1.amzn2
H CVE-2019-2988	<1:11.0.5+10-1.amzn2
H CVE-2019-2983	<1:11.0.5+10-1.amzn2
H CVE-2019-2992	<1:11.0.5+10-1.amzn2
H CVE-2019-2975	<1:11.0.5+10-1.amzn2
H CVE-2019-2978	<1:11.0.5+10-1.amzn2
H CVE-2019-2964	<1:11.0.5+10-1.amzn2
H CVE-2019-2945	<1:11.0.5+10-1.amzn2
H CVE-2019-2894	<1:11.0.5+10-1.amzn2
H CVE-2019-2962	<1:11.0.5+10-1.amzn2
H CVE-2019-2958	<1:11.0.5+10-1.amzn2
H CVE-2019-2973	<1:11.0.5+10-1.amzn2
M CVE-2019-2821	<1:11.0.4+11-1.amzn2
M CVE-2019-2816	<1:11.0.4+11-1.amzn2
M CVE-2019-2745	<1:11.0.4+11-1.amzn2
M Use After Free	<1:11.0.4+11-1.amzn2
M CVE-2019-2769	<1:11.0.4+11-1.amzn2
M CVE-2019-2786	<1:11.0.4+11-1.amzn2
M Information Exposure	<1:11.0.4+11-1.amzn2
M CVE-2019-2762	<1:11.0.4+11-1.amzn2
M CVE-2019-2766	<1:11.0.4+11-1.amzn2
H CVE-2019-2697	<1:11.0.3+7-1.amzn2
H Resource Exhaustion	<1:11.0.3+7-1.amzn2
H CVE-2019-2698	<1:11.0.3+7-1.amzn2
H CVE-2019-2684	<1:11.0.3+7-1.amzn2