OpenJDK Vulnerability Advisory: 2021/10/19

The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 16.0.2, 15.0.4, 13.0.8, 11.0.12, 8u302, 7u311, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.

The current and previous advisories are available for reference.

OpenJDK Risk matrix

			Affects ...
CVE ID	Component	CVSSv3.1	7	8	11	13	15	17
CVE-2021-35567	security-libs/ java.security	6.8		•	•	•	•	•
CVE-2021-35550	security-libs/ javax.net.ssl	5.9	•	•	•	•	•
CVE-2021-35586	client-libs/ javax.imageio	5.3	•	•	•	•	•	•
CVE-2021-35564	security-libs/ java.security	5.3	•	•	•	•	•	•
CVE-2021-35561	core-libs/ java.util	5.3	•	•	•	•	•	•
CVE-2021-35565	core-libs/ java.net	5.3	•	•	•	•	•
CVE-2021-35559	client-libs/ javax.swing	5.3	•	•	•	•	•	•
CVE-2021-35578	security-libs/ javax.net.ssl	5.3		•	•	•	•	•
CVE-2021-35556	client-libs/ javax.swing	5.3	•	•	•	•	•	•
CVE-2021-35603	security-libs/ javax.net.ssl	3.7	•	•	•	•	•	•
CVE-2021-35588	hotspot/ runtime	3.1	•	•

OpenJFX Risk matrix

			Affects ...
CVE ID	Component	CVSSv3.1	7	8	11	13	15	17
CVE-2021-3517	javafx/ web	8.6		•	•			•
CVE-2021-3522	javafx/ media	5.5		•	•			•

Acknowledgements

We acknowledge the following parties for their reports and contributions: Artem Smotrakov, Asaf Greenholts, Chuck Hunley, Dhananjay Arunesh, Fabian Meumertzheim, Juho Nurminen, Markus Loewe, Paul Fiterau-Brostean, and Tristen Hayfield.

We also thank the Leads of the JDK 7 Updates, JDK 8 Updates, JDK 11 Updates, JDK 13 Updates, JDK 15 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.

How to report a vulnerability

Please see the reporting instructions for information about how to report a vulnerability.

© 2023 Oracle Corporation and/or its affiliates
Terms of Use · License: GPLv2 · Privacy · Trademarks