org.graalvm.sdk:graal-sdk 23.0.9 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.graalvm.sdk:graal-sdk package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
M Access Control Bypass org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Access Control Bypass when processing TLS connections. An attacker can gain unauthorized read and write access to certain data by sending specially crafted network requests. This is only exploitable if untrusted code is loaded and run in a sandboxed environment, such as Java Web Start applications or applets that rely on the Java sandbox for security. How to fix Access Control Bypass? Upgrade `org.graalvm.sdk:graal-sdk` to version 17.0.16, 21.0.8, 24.0.2 or higher.	[,17.0.16)[18.0.0,21.0.8)[22.0.0,24.0.2)
M Buffer Overflow org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Buffer Overflow in `hotspot/compiler` due to improper handling of buffers in `addnode.cpp`. How to fix Buffer Overflow? Upgrade `org.graalvm.sdk:graal-sdk` to version 17.0.15, 21.0.7, 24.0.1 or higher.	[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)
M Heap-based Buffer Overflow org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the `Graphics.copyArea` functionality in `client-libs/2d`. An attacker can manipulate memory and potentially execute code. How to fix Heap-based Buffer Overflow? Upgrade `org.graalvm.sdk:graal-sdk` to version 17.0.15, 21.0.7, 24.0.1 or higher.	[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)
C Timing Attack org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages. Affected versions of this package are vulnerable to Timing Attack in `security-libs/javax.net.ssl` that exposes information from a TLS handshake via side channel. How to fix Timing Attack? Upgrade `org.graalvm.sdk:graal-sdk` to version 17.0.15, 21.0.7, 24.0.1 or higher.	[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)

Vulnerability

Vulnerable Version

Access Control Bypass

org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Access Control Bypass when processing TLS connections. An attacker can gain unauthorized read and write access to certain data by sending specially crafted network requests. This is only exploitable if untrusted code is loaded and run in a sandboxed environment, such as Java Web Start applications or applets that rely on the Java sandbox for security.

How to fix Access Control Bypass?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.16, 21.0.8, 24.0.2 or higher.

[,17.0.16)[18.0.0,21.0.8)[22.0.0,24.0.2)

Buffer Overflow

Affected versions of this package are vulnerable to Buffer Overflow in hotspot/compiler due to improper handling of buffers in addnode.cpp.

How to fix Buffer Overflow?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)

Heap-based Buffer Overflow

Affected versions of this package are vulnerable to Heap-based Buffer Overflow in the Graphics.copyArea functionality in client-libs/2d. An attacker can manipulate memory and potentially execute code.

How to fix Heap-based Buffer Overflow?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)

Timing Attack

Affected versions of this package are vulnerable to Timing Attack in security-libs/javax.net.ssl that exposes information from a TLS handshake via side channel.

How to fix Timing Attack?

Upgrade org.graalvm.sdk:graal-sdk to version 17.0.15, 21.0.7, 24.0.1 or higher.

[,17.0.15)[18.0.0,21.0.7)[22.0.0,24.0.1)

org.graalvm.sdk:graal-sdk@23.0.9 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

How to fix?