Allocation of Resources Without Limits or Throttling Affecting org.graalvm.sdk:graal-sdk package, versions [,20.3.5) [21.0.0,21.3.1)
19 Jan 2022
18 Jan 2022
How to fix?
Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. The implementation of the IdentityHashMap class doesn't properly validate the value of its size attribute when creating object instances from a serialized form. A specially-crafted input could cause a Java application to use an excessive amount of memory when deserialized.
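
The same class of defect and its correction, shown in a hypothetical serializable container (an added example, not GraalVM or JDK source). `SizedBag`, `MAX_ELEMENTS` and `INITIAL_CHUNK` are assumed names and limits; the weak form is kept as a comment beside the hardened `readObject`.

```java
import java.io.*;
import java.util.ArrayList;
import java.util.List;

// Hypothetical container, constructed for illustration; not GraalVM or JDK source.
public class SizedBag implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final int MAX_ELEMENTS = 1 << 16; // assumed application limit
    private static final int INITIAL_CHUNK = 1024;   // assumed cap on up-front allocation

    private transient List<Object> items = new ArrayList<>();

    public void add(Object o) { items.add(o); }
    public int size() { return items.size(); }

    private void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject();
        out.writeInt(items.size());               // the "size attribute" in the stream
        for (Object o : items) out.writeObject(o);
    }

    // Weak form (the pattern the advisory describes), kept as a comment:
    //   int size = in.readInt();
    //   items = new ArrayList<>(size);  // allocation driven by an unchecked stream value
    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();
        int size = in.readInt();
        // Hardened form: reject negative or oversized counts before allocating anything.
        if (size < 0 || size > MAX_ELEMENTS) {
            throw new InvalidObjectException("Illegal element count: " + size);
        }
        // Pre-size by at most INITIAL_CHUNK; memory then grows only with data actually read.
        items = new ArrayList<>(Math.min(size, INITIAL_CHUNK));
        for (int i = 0; i < size; i++) items.add(in.readObject());
    }

    public static void main(String[] args) throws Exception {
        SizedBag bag = new SizedBag();
        bag.add("a");
        bag.add("b");
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(bag); }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            SizedBag copy = (SizedBag) in.readObject();
            System.out.println("round-trip size = " + copy.size());
        }
    }
}
```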