CVE-2024-20923

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u391 Oracle GraalVM Enterprise Edition versions 20.3.12 and 21.3.8

Description The issue exists due to insufficient input validation in the JavaFX component of Oracle Java SE and Oracle GraalVM Enterprise Edition. This allows an unauthenticated attacker with network access via multiple protocols to compromise the system, but successful attacks require human interaction from a person other than the attacker. The vulnerability can result in unauthorized read access to a subset of accessible data. It applies to Java deployments in clients running sandboxed Java Web Start applications or sandboxed Java applets that load and run untrusted code, relying on the Java sandbox for security.

Recommendations For Oracle Java SE version 8u391, update to a version that fixes this issue. For Oracle GraalVM Enterprise Edition versions 20.3.12 and 21.3.8, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the JavaFX component until a patch is available. Avoid running untrusted code in sandboxed Java Web Start applications or sandboxed Java applets to minimize the risk of exploitation.