Information Exposure Affecting openjdk-jre package, versions [,1.7.0_331) [1.8.0,1.8.0_321) [9.0.0,11.0.14) [12.0.0,17.0.2)
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
EPSS
0.19% (56th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UPSTREAM-OPENJDKJRE-2343476
- published 19 Jan 2022
- disclosed 18 Jan 2022
- credit Jonni Passki
Introduced: 18 Jan 2022
CVE-2022-21282 Open this link in a new tabHow to fix?
Upgrade openjdk-jre
to version 7.0.331, 8.0.321, 11.0.14, 17.0.2 or higher.
Overview
openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).
Affected versions of this package are vulnerable to Information Exposure. TransformerImpl
class implementation in the JAXP
component did not properly check access restrictions when performing URI resolution. This could possibly lead to information disclosure when performing XSLT transformations.