PT-2023-3938 · Oracle · GraalVM for JDK (+1 product)

Published

2023-07-18

·

Updated

2023-07-27

·

CVE-2023-22051

CVSS v3.1

3.7

Low

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Oracle GraalVM Enterprise Edition versions 21.3.6, 22.3.2
Oracle GraalVM for JDK versions 17.0.7, 20.0.1
Description

The vulnerability is caused by errors in processing input data in the GraalVM Compiler component of Oracle GraalVM Enterprise Edition and Oracle GraalVM for JDK. An unauthenticated attacker with network access via multiple protocols can exploit it to gain unauthorized read access to a subset of the data accessible to the affected product. The vector (AC:H, C:L, I:N, A:N) marks the issue as difficult to exploit and limited to a partial loss of confidentiality; no integrity or availability impact is claimed.
Recommendations

Update every affected installation to the next patch release of its line: Oracle GraalVM Enterprise Edition 21.3.6 and 22.3.2, and Oracle GraalVM for JDK 17.0.7 and 20.0.1, are superseded by the builds Oracle published together with the fix for this CVE. Confirm the installed build with java -version before and after updating, since GraalVM distributions report their own version string in that banner. If the update has to be deferred, reduce exposure of the GraalVM Compiler component in the meantime: do not let applications running on the affected releases process untrusted input from network-reachable interfaces until they have been updated.
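The version check recommended above, as an added example for this page rather than a Positive Technologies or Oracle tool: it parses the banner that java -version writes to stderr, identifies the GraalVM product, and compares the build with the affected versions listed in this advisory. The banner formats ("GraalVM EE x.y.z" for Enterprise Edition, "Oracle GraalVM x.y.z+build" for GraalVM for JDK) and the rule that a higher patch level in a listed release line carries the fix are assumptions, as is the constructed sample output.

```python
"""Assess `java -version` banners against the affected builds listed in
PT-2023-3938 / CVE-2023-22051.

Added example for this advisory page; not a Positive Technologies or Oracle
tool.  Banner formats and the "later patch level is fixed" rule are assumptions.
"""
import re
import subprocess
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Affected builds as listed in the advisory, keyed by product and release line:
# (major, minor) -> highest patch level the advisory lists as affected.
AFFECTED: Dict[str, Dict[Tuple[int, int], int]] = {
    "Oracle GraalVM Enterprise Edition": {(21, 3): 6, (22, 3): 2},
    "Oracle GraalVM for JDK": {(17, 0): 7, (20, 0): 1},
}

# Assumption: EE banners contain "GraalVM EE x.y.z"; GraalVM for JDK banners
# contain "Oracle GraalVM x.y.z+build".  Other JVMs match neither pattern.
_BANNER_PATTERNS = (
    ("Oracle GraalVM Enterprise Edition", re.compile(r"\bGraalVM EE (\d+)\.(\d+)\.(\d+)\b")),
    ("Oracle GraalVM for JDK", re.compile(r"\bOracle GraalVM (\d+)\.(\d+)\.(\d+)\b")),
)


def parse_banner(banner: str) -> Optional[Tuple[str, Version]]:
    """Return (product, version) for a GraalVM banner, or None for other JVMs."""
    for product, pattern in _BANNER_PATTERNS:
        match = pattern.search(banner)
        if match:
            major, minor, patch = (int(g) for g in match.groups())
            return product, (major, minor, patch)
    return None


def classify(product: str, version: Version) -> str:
    """Classify a build of a listed product against the advisory.

    'affected'        listed release line, patch level at or below the listed build
                      (assumption: older patch levels of that line are not fixed)
    'fixed-or-later'  listed release line, patch level above the listed build
                      (assumption: the later patch level carries the fix)
    'line-not-listed' the advisory does not mention this release line at all
    """
    major, minor, patch = version
    last_affected = AFFECTED[product].get((major, minor))
    if last_affected is None:
        return "line-not-listed"
    return "affected" if patch <= last_affected else "fixed-or-later"


def assess(banner: str) -> str:
    """Full verdict for one banner, including non-GraalVM JVMs."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "not-a-listed-product"
    product, version = parsed
    return classify(product, version)


def assess_local_jvm() -> str:
    """Run `java -version` on this host; the banner is written to stderr."""
    result = subprocess.run(["java", "-version"], capture_output=True, text=True, check=False)
    return assess(result.stderr + result.stdout)


# Constructed sample banners approximating real `java -version` output.
SAMPLE_BANNERS = {
    "GraalVM EE 22.3.2": (
        'java version "17.0.7" 2023-04-18 LTS\n'
        "Java(TM) SE Runtime Environment GraalVM EE 22.3.2 (build 17.0.7+8-LTS-jvmci-22.3-b16)\n"
        "Java HotSpot(TM) 64-Bit Server VM GraalVM EE 22.3.2 (build 17.0.7+8-LTS-jvmci-22.3-b16, mixed mode, sharing)\n"
    ),
    "Oracle GraalVM for JDK 17.0.7": (
        'java version "17.0.7" 2023-04-18 LTS\n'
        "Java(TM) SE Runtime Environment Oracle GraalVM 17.0.7+8.1 (build 17.0.7+8-LTS-jvmci-23.0-b12)\n"
        "Java HotSpot(TM) 64-Bit Server VM Oracle GraalVM 17.0.7+8.1 (build 17.0.7+8-LTS-jvmci-23.0-b12, mixed mode, sharing)\n"
    ),
    "GraalVM EE 22.3.3": (
        "Java(TM) SE Runtime Environment GraalVM EE 22.3.3 (build 17.0.8+9-LTS-jvmci-22.3-b21)\n"
    ),
    "Plain HotSpot 17.0.7": (
        'openjdk version "17.0.7" 2023-04-18\n'
        "OpenJDK Runtime Environment (build 17.0.7+7)\n"
        "OpenJDK 64-Bit Server VM (build 17.0.7+7, mixed mode, sharing)\n"
    ),
}

if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(f"{name}: {assess(banner)}")
    try:
        print(f"local JVM: {assess_local_jvm()}")
    except FileNotFoundError:
        print("local JVM: java not found on PATH")
```

Run it on each host that ships a GraalVM runtime; a verdict of "line-not-listed" (for example a release line the advisory does not mention) means the script cannot decide from this advisory alone and the vendor's own patch notes have to be consulted.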

Fix

Addressed by Oracle in the Critical Patch Update of July 2023. Note that the CVSS vector (C:L/I:N/A:N) describes a limited information disclosure, not remote code execution.

Weakness Enumeration

Related Identifiers

BDU:2023-04233
CVE-2023-22051

Affected Products

GraalVM Enterprise Edition
GraalVM for JDK