org.graalvm.sdk:graal-sdk@20.3.12 vulnerabilities

latest version

24.0.0
latest non vulnerable version

24.0.0
first published

6 years ago
latest version published

a month ago
licenses detected
- UPL-1.0
  [1.0.0-rc10,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.graalvm.sdk:graal-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L Improper Access Control org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Access Control in the `hotspot/compiler` component. An attacker can compromise data integrity. How to fix Improper Access Control? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.3.10, 22.0.1 or higher.	[,21.3.10) [22.0.0,22.0.1)
L Denial of Service (DoS) org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Denial of Service (DoS) in the `hotspot/runtime` component. How to fix Denial of Service (DoS)? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.3.10, 22.0.1 or higher.	[,21.3.10) [22.0.0,22.0.1)
L Access Control Bypass org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Access Control Bypass in the JavaFX media component, when running untrusted code. How to fix Access Control Bypass? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9 or higher.	[,20.3.13) [21.0.0,21.3.9)
L Information Exposure org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Information Exposure via the JavaFX component, when running untrusted code. How to fix Information Exposure? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9 or higher.	[,20.3.13) [21.0.0,21.3.9)
M Improper Input Validation org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Input Validation due to a flaw in the JVM class file verifier in the `hotspot/runtime` component. An attacker can execute unverified bytecode by crafting a malicious input that bypasses the verification process. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. How to fix Improper Input Validation? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9, 23.0.0 or higher.	[,20.3.13) [21.0.0,21.3.9) [22.0.0,23.0.0)
H Improper Privilege Management org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Privilege Management in the `hotspot/compiler` component. Note This is only exploitable if the attacker utilizes APIs in the specified component, such as through a web service that provides data to the APIs. Additionally, the vulnerability affects Java deployments that execute untrusted code, relying on the Java sandbox for security. How to fix Improper Privilege Management? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9, 22.3.5 or higher.	[,20.3.13) [21.0.0,21.3.9) [22.0.0,22.3.5)
M Insertion of Sensitive Information into Log File org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File in the `security-libs/javax.xml.crypto` component. An attacker with local access could access private keys. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). How to fix Insertion of Sensitive Information into Log File? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9, 23.0.0 or higher.	[,20.3.13) [21.0.0,21.3.9) [22.0.0,23.0.0)
M Improper Input Validation org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Input Validation due to a range check loop optimization issue in the `hotspot/compiler` component. An attacker can obtain sensitive information without authorization by exploiting the improper input validation. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. How to fix Improper Input Validation? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9, 23.0.0 or higher.	[,20.3.13) [21.0.0,21.3.9) [22.0.0,23.0.0)
M Information Exposure org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Information Exposure in the `core-libs/javax.script` component. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). How to fix Information Exposure? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9, 22.3.5 or higher.	[,20.3.13) [21.0.0,21.3.9) [22.0.0,22.3.5)
H Improper Privilege Management org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Privilege Management in the `security-libs/java.security` component. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). How to fix Improper Privilege Management? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.3.9, 22.3.5 or higher.	[,21.3.9) [22.0.0,22.3.5)
H Covert Timing Channel org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Covert Timing Channel in the `security-libs/java.security` component. An attacker can recover ciphertexts via a side-channel attack by exploiting the Marvin security flaw. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). How to fix Covert Timing Channel? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9, 23.0.0 or higher.	[,20.3.13) [21.0.0,21.3.9) [22.0.0,23.0.0)
L Improper Privilege Management org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Improper Privilege Management via the `JavaFX` component. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). How to fix Improper Privilege Management? Upgrade `org.graalvm.sdk:graal-sdk` to version 20.3.13, 21.3.9 or higher.	[,20.3.13) [21.0.0,21.3.9)
M Denial of Service (DoS) org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Denial of Service (DoS) in `security-libs/javax.net.ssl`, when running untrusted code. How to fix Denial of Service (DoS)? Upgrade `org.graalvm.sdk:graal-sdk` to version 21.1.0 or higher.	[17.0.0,21.1.0)

Go back to all versions of this package

org.graalvm.sdk:graal-sdk@20.3.12 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities