OpenJDK Vulnerability Advisory: 2021/01/19
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 15.0.1, 13.0.5, 11.0.9, 8u272, 7u281, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| Affects ... | |||||||
|---|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 Vector |
7 | 8 | 11 | 13 | 15 |
| CVE-2020-14803 | core-libs/ java.io |
5.3 NLNNULNN |
|||||
OpenJFX Risk matrix
| Affects ... | |||||||
|---|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 Vector |
7 | 8 | 11 | 13 | 15 |
| None | |||||||
Acknowledgements
We acknowledge the following party for their reports and contributions: Markus Loewe.
We also thank the Leads of the JDK 7 Updates, JDK 8 Updates, JDK 11 Updates, JDK 13 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.
Last update: 2021/01/19 17:19 UTC
