Allocation of Resources Without Limits or Throttling Affecting org.graalvm.sdk:graal-sdk package, versions [,20.3.5) [21.0.0,21.3.1)
19 Jan 2022
18 Jan 2022
How to fix?
Upgrade org.graalvm.sdk:graal-sdk to version 20.3.5, 21.3.1 or higher.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. A flaw was found in the way the Attributes class in the Libraries component reads attributes with very long values from JAR file manifests. A specially-crafted JAR archive could cause a Java application reading its manifest to consume an excessive amount of system resources and hang.
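As an added defensive check (example code, not part of this advisory or of the GraalVM project), the following Python inspects a JAR's manifest entry and rejects archives whose manifest is oversized or carries an abnormally long unfolded attribute value, before the archive is handed to a Java manifest parser. The size thresholds and the sample JARs are constructed assumptions for the example.

```python
import io
import zipfile

# Thresholds are assumptions for this example, not values from the advisory.
# The JAR spec folds manifest lines at 72 bytes, so an attribute whose
# unfolded value runs to many kilobytes is already abnormal.
MAX_MANIFEST_BYTES = 64 * 1024
MAX_ATTRIBUTE_VALUE = 4 * 1024


def manifest_attribute_lengths(manifest_text):
    """Parse the main section of a JAR manifest, joining continuation lines
    (which begin with one space); return {attribute name: unfolded value length}."""
    lengths = {}
    current = None
    for line in manifest_text.splitlines():
        if line == "":
            break  # blank line ends the main section
        if line.startswith(" ") and current is not None:
            lengths[current] += len(line) - 1  # continuation of previous value
            continue
        name, _, value = line.partition(":")
        current = name.strip()
        lengths[current] = len(value.strip())
    return lengths


def check_jar_manifest(jar_bytes):
    """Return (ok, reason). Reject a JAR whose manifest entry is oversized or
    holds an attribute value longer than MAX_ATTRIBUTE_VALUE."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        try:
            info = zf.getinfo("META-INF/MANIFEST.MF")
        except KeyError:
            return True, "no manifest"
        if info.file_size > MAX_MANIFEST_BYTES:
            return False, "manifest entry is %d bytes" % info.file_size
        text = zf.read(info).decode("utf-8", errors="replace")
    for name, length in manifest_attribute_lengths(text).items():
        if length > MAX_ATTRIBUTE_VALUE:
            return False, "attribute %r value is %d bytes" % (name, length)
    return True, "manifest within limits"


def build_jar(manifest_text):
    """Constructed sample input: a JAR containing only the given manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest_text)
    return buf.getvalue()
```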