OpenJDK Vulnerability Advisory: 2024/01/16
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 21.0.1, 17.0.9, 11.0.21, 8u392, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| CVE ID | Component | CVSSv3.1 Vector | Affects 8 | Affects 11 | Affects 17 | Affects 21 |
|---|---|---|---|---|---|---|
| CVE-2024-20932 | security-libs/java.security | 7.5 NLNNUNHN | | | • | |
| CVE-2024-20918 | hotspot/compiler | 7.4 NHNNUHHN | • | • | • | • |
| CVE-2024-20952 | security-libs/java.security | 7.4 NHNNUHHN | • | • | • | • |
| CVE-2024-20926 | core-libs/javax.script | 5.9 NHNNUHNN | • | • | | |
| CVE-2024-20919 | hotspot/runtime | 5.9 NHNNUNHN | • | • | • | • |
| CVE-2024-20921 | hotspot/compiler | 5.9 NHNNUHNN | • | • | • | • |
| CVE-2024-20945 | security-libs/javax.xml.crypto | 4.7 LHLNUHNN | • | • | • | • |
OpenJFX Risk matrix
| CVE ID | Component | CVSSv3.1 Vector | Affects 11 | Affects 17 | Affects 21 |
|---|---|---|---|---|---|
| CVE-2024-20925 | javafx/media | 3.1 NHNRUNLN | • | • | • |
| CVE-2024-20923 | javafx/graphics | 3.1 NHNRULNN | • | • | • |
| CVE-2024-20922 | javafx/window-toolkit | 2.5 LHNRUNLN | • | • | • |
Acknowledgements
We acknowledge the following parties for their reports and contributions: Hubert Kario, Max Fichtelmann, Sergey Bylokhov, Valentin Eudeline, Yakov Shafranovich, and Yi Yang.
We also thank the Leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.