
Tristen Hayfield

Researcher from Cisco
#47676 of 53,633
5.3 Total CVSS
Vulnerabilities · 1
PT-2021-7851
5.3
2021-10-19
Oracle · Java SE · CVE-2021-35565
**Name of the Vulnerable Software and Affected Versions**

Java SE versions 7u311, 8u301, 11.0.12

Oracle GraalVM Enterprise Edition versions 20.3.3, 21.2.0

**Description**

The issue is in the JSSE component and involves a loop whose exit condition cannot be reached. A remote attacker can exploit it to cause a denial of service. The vulnerability can be exploited by supplying data to APIs in the specified component, such as through a web service, without using untrusted Java Web Start applications or untrusted Java applets. Successful attacks can result in the unauthorized ability to cause a partial denial of service of Java SE and Oracle GraalVM Enterprise Edition.

**Recommendations**

For Java SE versions 7u311, 8u301, 11.0.12, update to a version that includes the fix for this issue.

For Oracle GraalVM Enterprise Edition versions 20.3.3, 21.2.0, update to a version that includes the fix for this issue.

As a temporary workaround, consider restricting access to the JSSE component to minimize the risk of exploitation. Avoid using the JSSE component in the affected API endpoints until the issue is resolved.