Vulnerabilities: 2 via 2 paths
Dependencies: 41
Source: GitHub
Commit: fd02ff03


medium severity

Denial of Service (DoS)

  • Vulnerable module: org.graalvm.sdk:graal-sdk
  • Introduced through: org.graalvm.sdk:graal-sdk@23.1.2

Detailed paths

  • Introduced through: otto-de/jlineup@otto-de/jlineup#fd02ff0342a65d713c6078d5da24e9423700cfe4 › org.graalvm.sdk:graal-sdk@23.1.2

Overview

org.graalvm.sdk:graal-sdk is the SDK artifact of GraalVM, a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages, with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Denial of Service (DoS) in security-libs/javax.net.ssl when running untrusted code. The qualifier matters for triage: the issue is reachable only when the JVM executes code it does not trust (for example attacker-supplied bytecode or guest-language code); a process that only runs its own trusted code is not exposed through this path.

Remediation

A fix was pushed into the master branch but has not yet been published in a release, so there is no fixed version of org.graalvm.sdk:graal-sdk to pin at the time of this report. Until one ships, confine the exposure by not executing untrusted code in the affected JVM.

low severity

Buffer Overflow

  • Vulnerable module: org.graalvm.sdk:graal-sdk
  • Introduced through: org.graalvm.sdk:graal-sdk@23.1.2

Detailed paths

  • Introduced through: otto-de/jlineup@otto-de/jlineup#fd02ff0342a65d713c6078d5da24e9423700cfe4 › org.graalvm.sdk:graal-sdk@23.1.2

Overview

org.graalvm.sdk:graal-sdk is the SDK artifact of GraalVM, a high-performance JDK distribution designed to accelerate the execution of applications written in Java and other JVM languages, with support for JavaScript, Ruby, Python, and a number of other popular languages.

Affected versions of this package are vulnerable to Buffer Overflow in LoadVectorMaskedNode::Ideal() in the HotSpot C2 JIT compiler when running untrusted code. As with the DoS entry above, this is reachable only when the JVM compiles and runs code it does not trust.

Note: This vulnerability is only exploitable when AVX-512 is enabled (-XX:UseAVX=3). HotSpot selects the AVX level ergonomically from the CPU it runs on, so whether a given deployment is exposed depends on the host hardware as well as on any explicit -XX:UseAVX setting; check the effective value rather than assuming it.
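The check a practitioner wants here is the effective UseAVX level of the JVM that actually runs the workload. The script below is an added example, not part of the Snyk report or of the jlineup project: it parses the output of HotSpot's real `-XX:+PrintFlagsFinal` option and maps the value to a triage verdict for the AVX-512-only note. The function names, the sample flag lines and the verdict strings are this example's own constructions.

```shell
#!/usr/bin/env bash
# Added example: determine whether a HotSpot JVM runs with AVX-512 (UseAVX=3),
# the precondition for the LoadVectorMaskedNode::Ideal() buffer overflow note.

# Parse the effective UseAVX value from `java -XX:+PrintFlagsFinal -version`
# output on stdin. PrintFlagsFinal lines look like
#   "     intx UseAVX   = 3   {ARCH product} {ergonomic}"
# so the value is the fourth whitespace-separated field. Prints "unknown"
# when the flag is absent (e.g. a JVM on a non-x86 CPU).
avx_level_from_flags() {
  awk '$2 == "UseAVX" { print $4; found = 1 } END { if (!found) print "unknown" }'
}

# Query a real JVM binary (defaults to `java` on PATH). Not exercised by the
# offline sample below; run it against the exact binary your service uses.
avx_level_of_jvm() {
  "${1:-java}" -XX:+PrintFlagsFinal -version 2>/dev/null | avx_level_from_flags
}

# Map a UseAVX value to a triage verdict (verdict strings are this example's own).
avx512_exposure() {
  case "$1" in
    3)     echo "exposed: AVX-512 enabled (UseAVX=3); pass -XX:UseAVX=2 until a fixed graal-sdk is published" ;;
    0|1|2) echo "not exposed via this path: UseAVX=$1" ;;
    *)     echo "undetermined: UseAVX not reported by this JVM" ;;
  esac
}

# Constructed samples of PrintFlagsFinal output (format matches HotSpot; values are made up).
SAMPLE_AVX3='     bool UseAES                                   = true                                      {ARCH product} {default}
     intx UseAVX                                   = 3                                         {ARCH product} {ergonomic}'
SAMPLE_AVX2='     intx UseAVX                                   = 2                                         {ARCH product} {command line}'

# Demo on the constructed sample; for a real JVM use: avx512_exposure "$(avx_level_of_jvm /path/to/java)"
avx512_exposure "$(printf '%s\n' "$SAMPLE_AVX3" | avx_level_from_flags)"
```

Run the check with the same JVM binary and the same launcher flags as production: a JVM started with an explicit -XX:UseAVX=2 reports 2 even on an AVX-512 host, and that is the workaround the verdict suggests while the fix remains unpublished. Note that lowering UseAVX changes which intrinsics C2 uses and can cost throughput on vector-heavy code, so measure before rolling it out broadly.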

Remediation

A fix was pushed into the master branch but has not yet been published in a release, so there is no fixed version of org.graalvm.sdk:graal-sdk to pin at the time of this report. Until one ships, either keep untrusted code out of the affected JVM or run it with -XX:UseAVX=2 so the AVX-512-only code path is not reached.