REDHAT-BUG-1889717
First published: Tue Oct 20 2020(Updated: )
It was discovered that the UnixUriUtils class in the Libraries component of OpenJDK did not properly check for invalid characters when performing URI to Path conversion. This could lead to creating Path objects with invalid paths.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenJDK |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.oracle.com/security-alerts/cpuoct2020.html#AppendixJAVA
- https://access.redhat.com/errata/RHSA-2020:4306
- https://access.redhat.com/errata/RHSA-2020:4305
- https://access.redhat.com/security/cve/cve-2020-14797
- https://access.redhat.com/errata/RHSA-2020:4307
- https://access.redhat.com/errata/RHSA-2020:4316
- http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/30d70a2f1ed3
- http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/cb50526a9629
- https://access.redhat.com/errata/RHSA-2020:4349
- https://access.redhat.com/errata/RHSA-2020:4347
- https://access.redhat.com/errata/RHSA-2020:4352
- https://access.redhat.com/errata/RHSA-2020:4348
- https://access.redhat.com/errata/RHSA-2020:4350
- https://access.redhat.com/errata/RHSA-2020:5586
- https://access.redhat.com/errata/RHSA-2020:5585
- https://access.redhat.com/errata/RHSA-2021:0530
- https://bugzilla.redhat.com/show_bug.cgi?id=1889717
Frequently Asked Questions
What is the severity of REDHAT-BUG-1889717?
The severity of REDHAT-BUG-1889717 is considered to be moderate.
How do I fix REDHAT-BUG-1889717?
To fix REDHAT-BUG-1889717, upgrade to the patched version of OpenJDK provided by your package manager.
What are the consequences of REDHAT-BUG-1889717?
The consequences of REDHAT-BUG-1889717 include potential creation of invalid Path objects, leading to application errors.
Which versions of OpenJDK are affected by REDHAT-BUG-1889717?
REDHAT-BUG-1889717 affects certain versions of OpenJDK that utilize the UnixUriUtils class.
How can I verify if my version of OpenJDK is safe from REDHAT-BUG-1889717?
To verify if your version of OpenJDK is safe from REDHAT-BUG-1889717, check for updates or security advisories from your vendor.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-14797
- agent/source
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/openjdk
- canonical/openjdk