Access Restriction Bypass Affecting org.graalvm.sdk:graal-sdk Open this link in a new tab package, versions [,20.3.4) [21.0.0,21.3.0)
Do your applications use this vulnerable package?
21 Oct 2021
19 Oct 2021
How to fix?
org.graalvm.sdk:graal-sdk to version 20.3.4, 21.3.0 or higher.
Affected versions of this package are vulnerable to Access Restriction Bypass via incorrect principal selection when using Kerberos Constrained Delegation result in unauthorized access to critical data or complete access to all GraalVM accessible data.