OpenJDK Vulnerability Advisory: 2023/04/18
The following vulnerabilities in OpenJDK source code were fixed in this release. The affected versions are 20, 17.0.6, 11.0.18, 8u362, and earlier. Please note that defense-in-depth issues are not assigned CVEs. We recommend that you upgrade as soon as possible.
The current and previous advisories are available for reference.
OpenJDK Risk matrix
| Affects ... | ||||||
|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 | 8 | 11 | 17 | 20 |
| CVE-2023-21930 | security-libs/ javax.net.ssl |
7.4 | • | • | • | • |
| CVE-2023-21954 | hotspot/ gc |
5.9 | • | • | • | |
| CVE-2023-21967 | security-libs/ javax.net.ssl |
5.9 | • | • | • | • |
| CVE-2023-21939 | client-libs/ javax.swing |
5.3 | • | • | • | • |
| CVE-2023-21938 | core-libs/ java.lang |
3.7 | • | • | • | • |
| CVE-2023-21937 | core-libs/ java.net |
3.7 | • | • | • | • |
| CVE-2023-21968 | core-libs/ java.nio |
3.7 | • | • | • | • |
OpenJFX Risk matrix
| Affects ... | ||||||
|---|---|---|---|---|---|---|
| CVE ID | Component | CVSSv3.1 | 8 | 11 | 17 | 20 |
| None | ||||||
Acknowledgements
We acknowledge the following parties for their reports and contributions: Beichen, Ben Smyth, C0ny1, Evgeny Astigeevich, Jonathan Looney, PJ Fanning, Philippe Antoine, Ramki Ramakrishna, and Runner361.
We also thank the Leads of the JDK 8 Updates, JDK 11 Updates, JDK 17 Updates, and OpenJFX Projects for providing the risk-matrix information for their releases.
How to report a vulnerability
Please see the reporting instructions for information about how to report a vulnerability.
