Violeta Georgieva

Researcher from Broadcom
#30687 of 53,632
8.6 Total CVSS
Vulnerabilities · 1
PT-2025-29615
8.6
2025-07-15
Oracle · Java SE 8u451-perf · CVE-2025-50059
**Name of the Vulnerable Software and Affected Versions**

- Oracle Java SE versions 8u451-perf through 8u451-perf
- Oracle Java SE versions 11.0.27
- Oracle Java SE versions 17.0.15
- Oracle Java SE versions 21.0.7
- Oracle Java SE versions 24.0.1
- Oracle GraalVM for JDK versions 17.0.15
- Oracle GraalVM for JDK versions 21.0.7
- Oracle GraalVM for JDK versions 24.0.1
- Oracle GraalVM Enterprise Edition versions 21.3.14

**Description**

A vulnerability exists within the Networking component of Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition. This issue allows an unauthenticated attacker with network access to compromise the affected products via multiple protocols. Successful exploitation may lead to unauthorized access to critical data or complete access to all accessible data.

This vulnerability primarily affects Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or applets. It does not typically impact server-side deployments running only trusted code.

**Recommendations**

- Oracle Java SE versions prior to 8u451-perf
- Oracle Java SE versions prior to 11.0.27
- Oracle Java SE versions prior to 17.0.15
- Oracle Java SE versions prior to 21.0.7
- Oracle Java SE versions prior to 24.0.1
- Oracle GraalVM for JDK versions prior to 17.0.15
- Oracle GraalVM for JDK versions prior to 21.0.7
- Oracle GraalVM for JDK versions prior to 24.0.1
- Oracle GraalVM Enterprise Edition versions prior to 21.3.14