Mashroor Hasan Bhuiyan

**Name of the Vulnerable Software and Affected Versions** Oracle Java SE versions 8u451 and 8u451-perf Oracle Java SE version 11.0.27 Oracle Java SE version 17.0.15 Oracle Java SE version 21.0.7 Oracle Java SE version 24.0.1 Oracle GraalVM for JDK versions 17.0.15, 21.0.7 and 24.0.1 Oracle GraalVM Enterprise Edition version 21.3.14 **Description** This issue affects Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. A difficult-to-exploit vulnerability exists that allows an unauthenticated attacker with network access via TLS to compromise the software. Successful exploitation can lead to unauthorized modification, insertion, or deletion of data, as well as unauthorized read access to data accessible by the software. This vulnerability specifically impacts Java deployments that load and execute untrusted code within a sandbox, such as Java Web Start applications or applets. It does not affect server-side deployments running only trusted code. **Recommendations** Oracle Java SE versions prior to 8u451 and 8u451-perf Oracle Java SE versions prior to 11.0.27 Oracle Java SE versions prior to 17.0.15 Oracle Java SE versions prior to 21.0.7 Oracle Java SE versions prior to 24.0.1 Oracle GraalVM for JDK versions prior to 17.0.15, 21.0.7 and 24.0.1 Oracle GraalVM Enterprise Edition versions prior to 21.3.14