OpenJDK Vulnerability Advisory: 2020/07/14
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 14.0.1, 13.0.3, 11.0.7, 8u252, 7u261, and earlier. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| Affects ... | |||||||
|---|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 | 7 | 8 | 11 | 13 | 14 |
| CVE-2020-14583 | core-libs/ java.io |
8.3 | • | • | • | • | • |
| CVE-2020-14593 | client-libs/ 2d |
7.4 | • | • | • | • | • |
| CVE-2020-14562 | client-libs/ javax.imageio |
5.3 | • | • | • | ||
| CVE-2020-14621 | xml/ jaxp |
5.3 | • | • | • | • | • |
| CVE-2020-14556 | core-libs/ java.util.concurrent |
4.8 | • | • | • | • | |
| CVE-2020-14573 | hotspot/ compiler |
3.7 | • | • | • | ||
| CVE-2020-14578 | security-libs/ java.security |
3.7 | • | • | |||
| CVE-2020-14579 | security-libs/ java.security |
3.7 | • | • | |||
| CVE-2020-14581 | client-libs/ 2d |
3.7 | • | • | • | • | • |
| CVE-2020-14577 | security-libs/ javax.net.ssl |
3.7 | • | • | • | • | • |
OpenJFX Risk matrix
| Affects ... | |||||||
|---|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 | 7 | 8 | 11 | 13 | 14 |
| CVE-2020-14664 | javafx/ graphics |
8.3 | • | • | • | • | |
Acknowledgements
We acknowledge the following parties for their reports and contributions: Kdot, Markus Loewe, Philippe Arteau, Roman Shemyakin, and Saeid Tizpaz Niari.
We also thank the Leads of the JDK 7 Updates, JDK 8 Updates, JDK 11 Updates, JDK 13 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.
Last update: 2020/07/14 17:10 UTC
