OpenJDK Vulnerability Advisory: 2024/07/16
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 22.0.1, 21.0.3, 17.0.11, 11.0.23, 8u412, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
Affects ... | |||||||
---|---|---|---|---|---|---|---|
CVE ID | Component | CVSSv3.1 Vector |
8 | 11 | 17 | 21 | 22 |
CVE-2024-21147 | hotspot/ compiler |
7.4 NHNNUHHN |
• | • | • | • | • |
CVE-2024-21145 | client-libs/ 2d |
4.8 NHNNULLN |
• | • | • | • | • |
CVE-2024-21140 | hotspot/ compiler |
4.8 NHNNULLN |
• | • | • | • | • |
CVE-2024-21144 | core-libs/ java.util |
3.7 NHNNUNNL |
• | • | |||
CVE-2024-21131 | hotspot/ runtime |
3.7 NHNNUNLN |
• | • | • | • | • |
CVE-2024-21138 | hotspot/ runtime |
3.7 NHNNUNNL |
• | • | • | • | • |
OpenJFX Risk matrix
Affects ... | |||||
---|---|---|---|---|---|
CVE ID | Component | CVSSv3.1 Vector |
17 | 21 | 22 |
None |
Acknowledgements
We acknowledge the following parties for their reports and contributions: Sergey Bylokhov, and Yakov Shafranovich.
We also thank the Leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, JDK 21 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.
Last update: 2024/07/16 17:44 UTC