OpenJDK Vulnerability Advisory: 2020/04/14

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 14, 13.0.2, 11.0.6, 8u242, 7u251, and earlier. We recommend that you upgrade as soon as possible.

The current and previous advisories are available for reference.

OpenJDK Risk matrix

                                                         Affects ...
CVE ID          Component                        CVSSv3  7  8  11  13  14
CVE-2020-2803   core-libs/java.nio               8.3
CVE-2020-2805   core-libs/java.io                8.3
CVE-2020-2816   security-libs/javax.net.ssl      7.5
CVE-2020-2781   security-libs/java.security      5.3
CVE-2020-2830   core-libs/java.util              5.3
CVE-2020-2767   security-libs/javax.net.ssl      4.8
CVE-2020-2800   core-libs/java.net               4.8
CVE-2020-2778   security-libs/javax.net.ssl      3.7
CVE-2020-2754   core-libs/javax.script           3.7
CVE-2020-2755   core-libs/javax.script           3.7
CVE-2020-2773   security-libs/javax.xml.crypto   3.7
CVE-2020-2756   core-libs/java.io:serialization  3.7
CVE-2020-2757   core-libs/java.io:serialization  3.7

OpenJFX Risk matrix

                                                         Affects ...
CVE ID          Component                        CVSSv3  7  8  11  13  14
CVE-2019-18197  javafx/web                       8.1

Acknowledgements

We acknowledge the following parties for their reports and contributions: Dan Amodio, Simone Bordet, Josh Bressers, Paul Fiterau Brostean, Mathieu Deous, Pete Dettman, Nils Emmerich, Bengt Jonsson, Markus Loewe, Robert Merget, Kostis Sagonas, and Juraj Somorovsky.

We also thank the Leads of the JDK 7 Updates, JDK 8 Updates, JDK 11 Updates, JDK 13 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.

How to report a vulnerability

Please see the reporting instructions for information about how to report a vulnerability.

Last update: 2020/04/14 17:10 UTC