medium
5.9
EPSS
0.048%
Advisory Published
CVE Published
Updated

CVE-2024-20919

First published: Thu Jan 11 2024(Updated: )

A flaw was found in the way the Hotspot JVM class file verifier verified the correctness of bytecode in the loaded class files. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

Credit: secalert_us@oracle.com secalert_us@oracle.com

Affected SoftwareAffected VersionHow to fix
IBM Cognos Controller<=11.0.0 - 11.0.1
debian/openjdk-11
11.0.24+8-2~deb11u1
11.0.26+4-1~deb11u1
11.0.26+4-1
debian/openjdk-17
17.0.12+7-2~deb11u1
17.0.14+7-1~deb11u1
17.0.13+11-2~deb12u1
17.0.14+7-1~deb12u1
17.0.14+7-1
debian/openjdk-21
21.0.6+7-1
debian/openjdk-8
8u442-ga-1
Oracle GraalVM Enterprise Edition=20.3.12
Oracle GraalVM Enterprise Edition=21.3.8
Oracle GraalVM Enterprise Edition=22.3.4
Oracle GraalVM for JDK=17.0.9
Oracle GraalVM for JDK=21.0.1
Oracle OpenJDK 1.8.0=1.8.0-update391
Oracle OpenJDK 1.8.0=1.8.0-update391
Oracle OpenJDK 1.8.0=11.0.21
Oracle OpenJDK 1.8.0=17.0.9
Oracle OpenJDK 1.8.0=21.0.1
Oracle JRE=1.8.0-update391
Oracle JRE=1.8.0-update391
Oracle JRE=11.0.21
Oracle JRE=17.0.9
Oracle JRE=21.0.1

Remedy

https://github.com/openjdk/jdk8u/commit/77d38b78e4993381ddb113d012b30ab2d7cd9215

Remedy

https://github.com/openjdk/jdk11u/commit/6944c161004bbd1f57ba3a76e6d024314177e8e7

Remedy

https://github.com/openjdk/jdk17u/commit/d144c87dff5c2a98571d92f0e3d36c9f8d51f052

Remedy

https://github.com/openjdk/jdk21u/commit/08980a0a60bc48c17eacd57fd2d7065ac2d986a8

Remedy

https://github.com/openjdk/jdk22/commit/7586d8e43fae17953bbb1b62117b235497d617f5

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2024-20919?

    CVE-2024-20919 has a critical severity rating due to its potential to bypass Java sandbox restrictions.

  • How do I fix CVE-2024-20919?

    To resolve CVE-2024-20919, update to the latest patched version of the affected software, such as OpenJDK or Oracle JDK.

  • Which software is affected by CVE-2024-20919?

    CVE-2024-20919 impacts various versions of IBM Cognos Controller and multiple OpenJDK releases, including Oracle GraalVM.

  • What types of systems are vulnerable to CVE-2024-20919?

    Systems running untrusted Java applications or applets, particularly those with vulnerable versions of Java SE, are susceptible to CVE-2024-20919.

  • Is there a workaround for CVE-2024-20919?

    There is no verified workaround for CVE-2024-20919; updating to the latest versions is strongly recommended.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203