org.graalvm.sdk:graal-sdk@19.3.1 vulnerabilities

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Access Control in the hotspot/compiler component. An attacker can compromise data integrity.

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.10, 22.0.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) in the hotspot/runtime component.

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.10, 22.0.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Access Control Bypass in the JavaFX media component, when running untrusted code.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure via the JavaFX component, when running untrusted code.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Input Validation due to a flaw in the JVM class file verifier in the hotspot/runtime component. An attacker can execute unverified bytecode by crafting a malicious input that bypasses the verification process.

Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9, 23.0.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Privilege Management in the hotspot/compiler component.

Note This is only exploitable if the attacker utilizes APIs in the specified component, such as through a web service that provides data to the APIs. Additionally, the vulnerability affects Java deployments that execute untrusted code, relying on the Java sandbox for security.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9, 22.3.5 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the security-libs/javax.xml.crypto component. An attacker with local access could access private keys.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9, 23.0.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Input Validation due to a range check loop optimization issue in the hotspot/compiler component. An attacker can obtain sensitive information without authorization by exploiting the improper input validation.

Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9, 23.0.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure in the core-libs/javax.script component.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9, 22.3.5 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Privilege Management in the security-libs/java.security component.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Upgrade org.graalvm.sdk:graal-sdk to version 21.3.9, 22.3.5 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Covert Timing Channel in the security-libs/java.security component. An attacker can recover ciphertexts via a side-channel attack by exploiting the Marvin security flaw.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9, 23.0.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Privilege Management via the JavaFX component.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.13, 21.3.9 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) in security-libs/javax.net.ssl, when running untrusted code.

Upgrade org.graalvm.sdk:graal-sdk to version 21.1.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Neutralization of Null Byte or NUL Character resulting in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.10, 21.3.6, 22.3.2 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Input Validation due to a Swing HTML parsing issue, resulting in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.10, 21.3.6, 22.3.2 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Input Validation resulting in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.10, 21.3.6, 22.3.2 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) certificate validation issue in TLS session negotiation. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS).

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.10, 21.3.6, 22.3.2 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Remote Code Execution (RCE) incorrect handling of NULL characters in ProcessBuilder. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.10, 21.3.6, 22.3.2 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure. Improper connection handling during TLS handshake. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all accessible data as well as unauthorized access to critical data or complete access to all accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.10, 21.3.6, 22.3.2 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all accessible data.

Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.10, 21.3.6, 22.3.2 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Unsafe Reflection via improper object-to-string conversion in AnnotationInvocationHandler.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.6, 21.3.2, 22.1.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) by allowing unauthenticated attackers with network access via multiple protocols to compromise the application.
Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs through a web service that supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.6, 21.3.2, 22.1.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) due to missing checks for negative ObjectIdentifier. exploiting this vulnerability allows unauthenticated attackers with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition.

1. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

2. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service that supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.6, 21.3.2, 22.1.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure by allowing unauthenticated attackers with network access via multiple protocols to access critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs through a web service that supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.6, 21.3.2, 22.1.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Input Validation by allowing unauthenticated malicious actors to update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs through a web service that supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.6, 21.3.2, 22.1.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Access Restriction Bypass by an unauthenticated attacker with network access via multiple protocols. This is due to incorrect implementation of the ECDSA cryptographic signature in Java. Exploiting this vulnerability results in unauthorized creation, deletion, or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data.

Notes:

1. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

2. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service that supplies data to the APIs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.6, 21.3.2, 22.1.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Out-of-bounds Write. A flaw was found in the way the Hotspot component of OpenJDK processed classes with _fields that needed to be written to in Rewriter::scan_method().

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Deserialization of Untrusted Data the ObjectInputStream class implementation in the Serialization component did not check superclasses against the deserialization filter (defined via jdk.serialFilter system or security property) in cases when those classes were available locally and not included in the serialized stream. A specially-crafted serialized stream could possibly use this flaw to bypass class deserialization restrictions.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure. TransformerImpl class implementation in the JAXP component did not properly check access restrictions when performing URI resolution. This could possibly lead to information disclosure when performing XSLT transformations.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling the implementation of the IdentityHashMap class doesn't properly validate the value of its size attribute when creating object instances from a serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. A flaw was found in the way the TIFFNullDecompressor class implementation in the ImageIO component performs reading of uncompressed TIFF files. A specially-crafted TIFF image could cause the decompressor to create image objects with an inconsistent state due to failure to fully read the image.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Infinite loop. A flaw was found in the way the XMLEntityScanner and XML11EntityScanner classes in the JAXP component handles and normalized newlines in XML entities. A specially-crafted XML document could cause a Java application to enter an infinite loop when parsed.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure. The XMLEntityManager class implementation in the JAXP component doesn't properly perform access checks. A Java application using a SAX XML parser in certain configurations could be tricked into disclosing information when parsing a specially-crafted XML file.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. A flaw was found in the BMPImageReader class implementation in the ImageIO component, which allows a specially-crafted BMP image to bypass previously applied protection and cause a Java application to allocate an excessive amount of memory when opened.

Note:

this is due to an incomplete fix for CVE-2021-35586.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Input Validation. It was discovered that the StringBuffer and StringBuilder classes implementation in the Libraries component failed to properly validate the value of the count attribute during object deserialization. A specially-crafted input could cause a Java application to misbehave because of StringBuffer or StringBuilder object instances in an inconsistent state.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Input Validation. The ObjectInputStream class implementation in the Serialization component doesn't sufficiently validate data read from the input serialized stream when reading serialized exceptions. A specially-crafted serialized stream could use this flaw to bypass certain deserialization restrictions (defined via jdk.serialFilter system or security property).

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Uncaught Exception. A flaw was found in the Pattern class implementation in the Libraries component. A specially crafted input could cause the Pattern class to raise an unexpected exception while performing regular expression matching, possibly causing a Java application using the class to misbehave.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. A flaw was found in the way the TIFFFaxDecompressor, TIFFLZWDecompressor, and TIFFPackBitsDecompressor classes implementations in the ImageIO component of OpenJDK handled memory allocations when processing TIFF images. A specially-crafted TIFF image with a small size could cause a Java application to allocate an excessive amount of memory when opened.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Integer Overflow or Wraparound. A flaw was found in the way the Hotspot component of OpenJDK handled array indexes on 64-bit x86 platform. A large index could trigger a displacement overflow in LIRGenerator::emit_array_address, possibly leading to access at an invalid array position.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. A flaw was found in the way the BMPImageReader class implementation in the ImageIO performs memory allocations when reading palette information from BMP images. A specially-crafted BMP file could cause a Java application to consume an excessive amount of memory when opened.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. A flaw was found in the way the Attributes class in the Libraries component performs reading of attributes with very long values from the JAR file manifests. A specially-crafted JAR archive could cause a Java application reading its manifest to use an excessive amount of system resources and hang.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Timing Attack. It was discovered that the TLS implementation in the JSSE component of OpenJDK used non-constant comparisons when checking various data (such as session identifiers or verification data blocks) during TLS handshakes. A malicious TLS client could possibly use this flaw to recover that data by observing timing differences in processing of various inputs.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.4, 21.3.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Access Restriction Bypass via incorrect principal selection when using Kerberos Constrained Delegation result in unauthorized access to critical data or complete access to all GraalVM accessible data.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.4, 21.3.0 or higher.

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Improper Access Control. It allows unauthenticated attacker with network access via TLS to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service.

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.4, 21.3.0 or higher.