OpenJDK Vulnerability Advisory: 2020/04/14

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 14, 13.0.2, 11.0.6, 8u242, 7u251, and earlier. We recommend that you upgrade as soon as possible.

The current and previous advisories are available for reference.

OpenJDK Risk matrix

CVE ID          Component                        CVSSv3  Vector    Affects (7 8 11 13 14)
CVE-2020-2803   core-libs/java.nio               8.3     NHNRCHHH
CVE-2020-2805   core-libs/java.io                8.3     NHNRCHHH
CVE-2020-2816   security-libs/javax.net.ssl      7.5     NLNNUNHN
CVE-2020-2781   security-libs/java.security      5.3     NLNNUNNL
CVE-2020-2830   core-libs/java.util              5.3     NLNNUNNL
CVE-2020-2767   security-libs/javax.net.ssl      4.8     NHNNULLN
CVE-2020-2800   core-libs/java.net               4.8     NHNNULLN
CVE-2020-2778   security-libs/javax.net.ssl      3.7     NHNNULNN
CVE-2020-2754   core-libs/javax.script           3.7     NHNNUNNL
CVE-2020-2755   core-libs/javax.script           3.7     NHNNUNNL
CVE-2020-2773   security-libs/javax.xml.crypto   3.7     NHNNUNNL
CVE-2020-2756   core-libs/java.io:serialization  3.7     NHNNUNNL
CVE-2020-2757   core-libs/java.io:serialization  3.7     NHNNUNNL

OpenJFX Risk matrix

CVE ID          Component                        CVSSv3  Vector    Affects (7 8 11 13 14)
CVE-2019-18197  javafx/web                       8.1     NHNNUHHH

Acknowledgements

We acknowledge the following parties for their reports and contributions: Dan Amodio, Simone Bordet, Josh Bressers, Paul Fiterau Brostean, Mathieu Deous, Pete Dettman, Nils Emmerich, Bengt Jonsson, Markus Loewe, Robert Merget, Kostis Sagonas, and Juraj Somorovsky.

We also thank the Leads of the JDK 7 Updates, JDK 8 Updates, JDK 11 Updates, JDK 13 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.

How to report a vulnerability

Please see the reporting instructions for information about how to report a vulnerability.

Last update: 2020/04/14 17:10 UTC