CVE-2023-21939
First published: Tue Apr 18 2023(Updated: )
An HTML validation flaw was found in the Swing component of OpenJDK. A specially crafted HTML document could cause a Swing Java application to misbehave leading to integrity problems.
Credit: secalert_us@oracle.com secalert_us@oracle.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle GraalVM | =20.3.9 | |
| Oracle GraalVM | =21.3.5 | |
| Oracle GraalVM | =22.3.1 | |
| Oracle JDK | =1.8.0-update361 | |
| Oracle JDK | =11.0.18 | |
| Oracle JDK | =17.0.6 | |
| Oracle JDK | =20 | |
| Oracle JRE | =1.8.0-update361 | |
| Oracle JRE | =11.0.18 | |
| Oracle JRE | =17.0.6 | |
| Oracle JRE | =20 | |
| debian/openjdk-11 | <=11.0.16+8-1~deb10u1 | 11.0.21+9-1~deb10u1 11.0.20+8-1~deb11u1 11.0.21+9-1~deb11u1 11.0.22~6ea-1 |
| debian/openjdk-17 | 17.0.7+7-1~deb11u1 17.0.9+9-1~deb11u1 17.0.9+9-1~deb12u1 17.0.10~6ea-1 | |
| debian/openjdk-20 | 20.0.2+9-1 | |
| debian/openjdk-8 | 8u392-ga-1 | |
| NetApp 7-Mode Transition Tool | ||
| Netapp Brocade San Navigator | ||
| Netapp Cloud Insights Acquisition Unit | ||
| Netapp Cloud Insights Storage Workload Security Agent | ||
| NetApp OnCommand Insight | ||
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Debian Debian Linux | =12.0 | |
| Oracle OpenJDK | <8 | |
| Oracle OpenJDK | >=11<=11.0.18 | |
| Oracle OpenJDK | >=17<=17.0.6 | |
| Oracle OpenJDK | =8 | |
| Oracle OpenJDK | =8-milestone1 | |
| Oracle OpenJDK | =8-milestone2 | |
| Oracle OpenJDK | =8-milestone3 | |
| Oracle OpenJDK | =8-milestone4 | |
| Oracle OpenJDK | =8-milestone5 | |
| Oracle OpenJDK | =8-milestone6 | |
| Oracle OpenJDK | =8-milestone7 | |
| Oracle OpenJDK | =8-milestone8 | |
| Oracle OpenJDK | =8-milestone9 | |
| Oracle OpenJDK | =8-update101 | |
| Oracle OpenJDK | =8-update102 | |
| Oracle OpenJDK | =8-update11 | |
| Oracle OpenJDK | =8-update111 | |
| Oracle OpenJDK | =8-update112 | |
| Oracle OpenJDK | =8-update121 | |
| Oracle OpenJDK | =8-update131 | |
| Oracle OpenJDK | =8-update141 | |
| Oracle OpenJDK | =8-update151 | |
| Oracle OpenJDK | =8-update152 | |
| Oracle OpenJDK | =8-update161 | |
| Oracle OpenJDK | =8-update162 | |
| Oracle OpenJDK | =8-update171 | |
| Oracle OpenJDK | =8-update172 | |
| Oracle OpenJDK | =8-update181 | |
| Oracle OpenJDK | =8-update191 | |
| Oracle OpenJDK | =8-update192 | |
| Oracle OpenJDK | =8-update20 | |
| Oracle OpenJDK | =8-update201 | |
| Oracle OpenJDK | =8-update202 | |
| Oracle OpenJDK | =8-update211 | |
| Oracle OpenJDK | =8-update212 | |
| Oracle OpenJDK | =8-update221 | |
| Oracle OpenJDK | =8-update222 | |
| Oracle OpenJDK | =8-update231 | |
| Oracle OpenJDK | =8-update232 | |
| Oracle OpenJDK | =8-update241 | |
| Oracle OpenJDK | =8-update242 | |
| Oracle OpenJDK | =8-update25 | |
| Oracle OpenJDK | =8-update252 | |
| Oracle OpenJDK | =8-update262 | |
| Oracle OpenJDK | =8-update271 | |
| Oracle OpenJDK | =8-update281 | |
| Oracle OpenJDK | =8-update282 | |
| Oracle OpenJDK | =8-update291 | |
| Oracle OpenJDK | =8-update301 | |
| Oracle OpenJDK | =8-update302 | |
| Oracle OpenJDK | =8-update31 | |
| Oracle OpenJDK | =8-update312 | |
| Oracle OpenJDK | =8-update322 | |
| Oracle OpenJDK | =8-update332 | |
| Oracle OpenJDK | =8-update342 | |
| Oracle OpenJDK | =8-update352 | |
| Oracle OpenJDK | =8-update362 | |
| Oracle OpenJDK | =8-update40 | |
| Oracle OpenJDK | =8-update45 | |
| Oracle OpenJDK | =8-update5 | |
| Oracle OpenJDK | =8-update51 | |
| Oracle OpenJDK | =8-update60 | |
| Oracle OpenJDK | =8-update65 | |
| Oracle OpenJDK | =8-update66 | |
| Oracle OpenJDK | =8-update71 | |
| Oracle OpenJDK | =8-update72 | |
| Oracle OpenJDK | =8-update73 | |
| Oracle OpenJDK | =8-update74 | |
| Oracle OpenJDK | =8-update77 | |
| Oracle OpenJDK | =8-update91 | |
| Oracle OpenJDK | =8-update92 | |
| Oracle OpenJDK | =20 | |
| IBM QRadar SIEM | <=7.5.0 - 7.5.0 UP6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://lists.debian.org/debian-lts-announce/2023/09/msg00018.html
- https://security.netapp.com/advisory/ntap-20230427-0008/
- https://www.debian.org/security/2023/dsa-5430
- https://www.debian.org/security/2023/dsa-5478
- https://www.oracle.com/security-alerts/cpuapr2023.html
- https://security-tracker.debian.org/tracker/CVE-2023-21939
- https://github.com/openjdk/jdk8u/commit/6089a4fcc583ab156c22eae8196ce5073bf90032
- https://github.com/openjdk/jdk11u/commit/91328b328524a69b6623c09e1fadc9ef9b8010a9
- https://github.com/openjdk/jdk17u/commit/0c49bb77f0dd35878a9a6bb01843b7cac8241c69
- https://www.oracle.com/security-alerts/cpuapr2023.html#AppendixJAVA
- https://www.oracle.com/java/technologies/javase/8u371-relnotes.html
- https://www.oracle.com/java/technologies/javase/11-0-19-relnotes.html
- https://www.oracle.com/java/technologies/javase/17-0-7-relnotes.html
- https://www.oracle.com/java/technologies/javase/20-0-1-relnotes.html
- https://access.redhat.com/errata/RHSA-2023:1875
- https://access.redhat.com/errata/RHSA-2023:1877
- https://access.redhat.com/errata/RHSA-2023:1878
- https://access.redhat.com/errata/RHSA-2023:1879
- https://access.redhat.com/errata/RHSA-2023:1880
- https://access.redhat.com/errata/RHSA-2023:1883
- https://access.redhat.com/errata/RHSA-2023:1882
- https://access.redhat.com/errata/RHSA-2023:1885
- https://access.redhat.com/errata/RHSA-2023:1884
- https://access.redhat.com/errata/RHSA-2023:1889
- https://access.redhat.com/errata/RHSA-2023:1890
- https://access.redhat.com/errata/RHSA-2023:1891
- https://access.redhat.com/errata/RHSA-2023:1892
- https://access.redhat.com/errata/RHSA-2023:1895
- https://access.redhat.com/errata/RHSA-2023:1898
- https://access.redhat.com/errata/RHSA-2023:1899
- https://access.redhat.com/errata/RHSA-2023:1900
- https://access.redhat.com/errata/RHSA-2023:1904
- https://access.redhat.com/errata/RHSA-2023:1911
- https://access.redhat.com/errata/RHSA-2023:1905
- https://access.redhat.com/errata/RHSA-2023:1906
- https://access.redhat.com/errata/RHSA-2023:1909
- https://access.redhat.com/errata/RHSA-2023:1908
- https://access.redhat.com/errata/RHSA-2023:1910
- https://access.redhat.com/errata/RHSA-2023:1907
- https://access.redhat.com/errata/RHSA-2023:1912
- https://access.redhat.com/errata/RHSA-2023:1903
- https://access.redhat.com/security/cve/cve-2023-21939
- https://access.redhat.com/errata/RHSA-2023:4103
- https://access.redhat.com/errata/RHSA-2023:4160
- https://bugzilla.redhat.com/show_bug.cgi?id=2187724
- https://security.netapp.com/advisory/ntap-20240621-0006/
- https://www.couchbase.com/alerts/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/253168
- https://www.ibm.com/support/pages/node/7049133 (Advisory)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-21939.
What is the affected software?
The affected software includes Oracle Java SE versions 8u361, 8u361-perf, 11.0.18, 17.0.6, and 20; Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, and 22.3.1.
What is the severity of CVE-2023-21939?
The severity of CVE-2023-21939 is medium with a CVSS score of 5.3.
How can I fix the vulnerability?
To fix the vulnerability, update to the latest versions of Oracle Java SE or Oracle GraalVM Enterprise Edition as mentioned in the references.
Where can I find more information about CVE-2023-21939?
You can find more information about CVE-2023-21939 in the references provided.
- collector/nvd-index
- collector/security-tracker-debian
- agent/author
- agent/type
- agent/first-publish-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-21939
- agent/severity
- agent/description
- agent/event
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/ibm-support
- source/IBM
- vendor/oracle
- canonical/oracle graalvm
- version/oracle graalvm/20.3.9
- version/oracle graalvm/21.3.5
- version/oracle graalvm/22.3.1
- canonical/oracle jdk
- version/oracle jdk/1.8.0-update361
- version/oracle jdk/11.0.18
- version/oracle jdk/17.0.6
- version/oracle jdk/20
- canonical/oracle jre
- version/oracle jre/1.8.0-update361
- version/oracle jre/11.0.18
- version/oracle jre/17.0.6
- version/oracle jre/20
- package-manager/debian
- vendor/netapp
- canonical/netapp 7-mode transition tool
- canonical/netapp brocade san navigator
- canonical/netapp cloud insights acquisition unit
- canonical/netapp cloud insights storage workload security agent
- canonical/netapp oncommand insight
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- version/debian debian linux/12.0
- canonical/oracle openjdk
- version/oracle openjdk/11
- version/oracle openjdk/11.0.18
- version/oracle openjdk/17
- version/oracle openjdk/17.0.6
- version/oracle openjdk/8
- version/oracle openjdk/8-milestone1
- version/oracle openjdk/8-milestone2
- version/oracle openjdk/8-milestone3
- version/oracle openjdk/8-milestone4
- version/oracle openjdk/8-milestone5
- version/oracle openjdk/8-milestone6
- version/oracle openjdk/8-milestone7
- version/oracle openjdk/8-milestone8
- version/oracle openjdk/8-milestone9
- version/oracle openjdk/8-update101
- version/oracle openjdk/8-update102
- version/oracle openjdk/8-update11
- version/oracle openjdk/8-update111
- version/oracle openjdk/8-update112
- version/oracle openjdk/8-update121
- version/oracle openjdk/8-update131
- version/oracle openjdk/8-update141
- version/oracle openjdk/8-update151
- version/oracle openjdk/8-update152
- version/oracle openjdk/8-update161
- version/oracle openjdk/8-update162
- version/oracle openjdk/8-update171
- version/oracle openjdk/8-update172
- version/oracle openjdk/8-update181
- version/oracle openjdk/8-update191
- version/oracle openjdk/8-update192
- version/oracle openjdk/8-update20
- version/oracle openjdk/8-update201
- version/oracle openjdk/8-update202
- version/oracle openjdk/8-update211
- version/oracle openjdk/8-update212
- version/oracle openjdk/8-update221
- version/oracle openjdk/8-update222
- version/oracle openjdk/8-update231
- version/oracle openjdk/8-update232
- version/oracle openjdk/8-update241
- version/oracle openjdk/8-update242
- version/oracle openjdk/8-update25
- version/oracle openjdk/8-update252
- version/oracle openjdk/8-update262
- version/oracle openjdk/8-update271
- version/oracle openjdk/8-update281
- version/oracle openjdk/8-update282
- version/oracle openjdk/8-update291
- version/oracle openjdk/8-update301
- version/oracle openjdk/8-update302
- version/oracle openjdk/8-update31
- version/oracle openjdk/8-update312
- version/oracle openjdk/8-update322
- version/oracle openjdk/8-update332
- version/oracle openjdk/8-update342
- version/oracle openjdk/8-update352
- version/oracle openjdk/8-update362
- version/oracle openjdk/8-update40
- version/oracle openjdk/8-update45
- version/oracle openjdk/8-update5
- version/oracle openjdk/8-update51
- version/oracle openjdk/8-update60
- version/oracle openjdk/8-update65
- version/oracle openjdk/8-update66
- version/oracle openjdk/8-update71
- version/oracle openjdk/8-update72
- version/oracle openjdk/8-update73
- version/oracle openjdk/8-update74
- version/oracle openjdk/8-update77
- version/oracle openjdk/8-update91
- version/oracle openjdk/8-update92
- version/oracle openjdk/20
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 - 7.5.0 up6