org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.
Affected versions of this package are vulnerable to Denial of Service (DoS) in security-libs/javax.net.ssl, when running untrusted code.
Remediation
A fix was pushed into the master branch but not yet published.
org.graalvm.sdk:graal-sdk is a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages along with support for JavaScript, Ruby, Python, and a number of other popular languages.
Affected versions of this package are vulnerable to Buffer Overflow in LoadVectorMaskedNode::Ideal() in the HotSpot compiler, when running untrusted code.
Note:
This vulnerability is only exploitable when AVX-512 is enabled (-XX:UseAVX=3).
Remediation
A fix was pushed into the master branch but not yet published.