OpenJDK Vulnerability Advisory: 2021/07/20
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 16.0.1, 15.0.3, 13.0.7, 11.0.11, 8u292, 7u301, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| Affects ... | ||||||||
|---|---|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 | 7 | 8 | 11 | 13 | 15 | 16 |
| CVE-2021-2388 | hotspot/ compiler |
7.5 | • | • | • | • | • | |
| CVE-2021-2369 | security-libs/ java.security |
4.3 | • | • | • | • | • | • |
| CVE-2021-2432 | core-libs/ javax.naming |
3.7 | • | |||||
| CVE-2021-2341 | core-libs/ java.net |
3.1 | • | • | • | • | • | • |
OpenJFX Risk matrix
| Affects ... | ||||||||
|---|---|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 | 7 | 8 | 11 | 13 | 15 | 16 |
| None | ||||||||
Acknowledgements
We acknowledge the following parties for their reports and contributions: Philipp Jeitner, John Jiang, Markus Loewe, Andreas Papa, Aleksey Shipilev, Haya Shulman, and Threedr3am.
We also thank the Leads of the JDK 7 Updates, JDK 8 Updates, JDK 11 Updates, JDK 13 Updates, JDK 15 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.
