Homepage
About Snyk

org.graalvm.sdk:graal-sdk@21.3.11 vulnerabilities

  • latest version

    24.1.1

  • latest non vulnerable version

    24.1.1

  • first published

    6 years ago

  • latest version published

    a month ago

  • licenses detected

  • package manager

    View on Maven Repository
Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.graalvm.sdk:graal-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Access Control Bypass

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Access Control Bypass via the Compiler component. An attacker can manipulate data by exploiting unprotected APIs or services that interact with the APIs.

How to fix Access Control Bypass?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16) [21.0.0,21.3.12)
  • M
Denial of Service (DoS)

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the Serialization component. An attacker can cause a partial disruption of service by exploiting network access to send crafted data to the APIs involved.

How to fix Denial of Service (DoS)?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16) [21.0.0,21.3.12)
  • M
Denial of Service (DoS)

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) via the Networking component. An attacker can cause a partial disruption of service by exploiting network protocols to send crafted data or requests.

How to fix Denial of Service (DoS)?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16) [21.0.0,21.3.12)
  • M
Information Exposure

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Information Exposure via the Hotspot component. An attacker with network access via multiple protocols can compromise the integrity and confidentiality of data by exploiting accessible APIs, particularly through web services that supply data to these APIs.

Note:

This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security.

How to fix Information Exposure?

Upgrade org.graalvm.sdk:graal-sdk to version 20.3.16, 21.3.12 or higher.

[,20.3.16) [21.0.0,21.3.12)
Go back to all versions of this package