First published: Thu Jan 11 2024
A flaw was found in the way the Hotspot JVM class file verifier verified the correctness of bytecode in the loaded class files. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Credit: secalert_us@oracle.com
Affected Software | Affected Version | How to fix |
---|---|---|
IBM Cognos Controller | <=11.0.0 - 11.0.1 | |
Oracle GraalVM | =20.3.12 | |
Oracle GraalVM | =21.3.8 | |
Oracle GraalVM | =22.3.4 | |
Oracle GraalVM for JDK | =17.0.9 | |
Oracle GraalVM for JDK | =21.0.1 | |
Oracle JDK | =1.8.0-update391 | |
Oracle JDK | =11.0.21 | |
Oracle JDK | =17.0.9 | |
Oracle JDK | =21.0.1 | |
Oracle JRE | =1.8.0-update391 | |
Oracle JRE | =11.0.21 | |
Oracle JRE | =17.0.9 | |
Oracle JRE | =21.0.1 | |
debian/openjdk-11 | 11.0.24+8-2~deb11u1, 11.0.25+9-1~deb11u1, 11.0.26~6ea-1 | |
debian/openjdk-17 | 17.0.12+7-2~deb11u1, 17.0.13+11-1~deb11u1, 17.0.13+11-2~deb12u1, 17.0.13+11-2, 17.0.14~6ea-1 | |
debian/openjdk-21 | 21.0.5+11-1, 21.0.6~6ea-1 | |
debian/openjdk-8 | 8u432-b06-2 | |