CVE-2023-21986

Name of the Vulnerable Software and Affected Versions Oracle GraalVM Enterprise Edition versions 20.3.9, 21.3.5, and 22.3.1

Description The issue is related to insufficient input validation in the Native Image component of Oracle GraalVM Enterprise Edition, allowing an unauthenticated attacker with logon to the infrastructure to compromise the system. This can result in unauthorized access to modify, add, or delete data, as well as cause a partial denial of service. The vulnerability may also impact additional products.

Recommendations For Oracle GraalVM Enterprise Edition version 20.3.9, update to a fixed version when available. For Oracle GraalVM Enterprise Edition version 21.3.5, update to a fixed version when available. For Oracle GraalVM Enterprise Edition version 22.3.1, update to a fixed version when available. As a temporary workaround, consider restricting access to the Native Image component to minimize the risk of exploitation.