CVE-2021-35560

Name of the Vulnerable Software and Affected Versions Java SE version 8u301

Description The issue is related to insufficient input validation in the Deployment component of Java SE, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and can result in the takeover of Java SE. This issue applies to Java deployments that load and run untrusted code, such as sandboxed Java Web Start applications or sandboxed Java applets, and rely on the Java sandbox for security.

Recommendations For Java SE version 8u301, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting the use of the Deployment component or disabling the execution of untrusted code in sandboxed environments until a patch is available. Avoid loading and running untrusted code from the internet in Java deployments that rely on the Java sandbox for security.