CVE-2020-2805

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241

Description The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Java SE Embedded. This could allow a remote attacker to compromise the integrity, confidentiality, and availability of protected information. The vulnerability is difficult to exploit and requires human interaction from a person other than the attacker. Successful attacks may significantly impact additional products and can result in the takeover of Java SE and Java SE Embedded. This vulnerability applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations For Java SE versions 7u251, 8u241, 11.0.6, and 14, consider disabling the execution of untrusted code until a patch is available. For Java SE Embedded version 8u241, restrict access to untrusted code to minimize the risk of exploitation. As a temporary workaround, consider disabling the loading and running of untrusted code in sandboxed Java Web Start applications or sandboxed Java applets until a patch is available. Avoid using Java deployments that rely on the Java sandbox for security in environments where untrusted code is executed.