openjdk-jre is a free and open-source implementation of the Java Platform, Standard Edition (Java SE).
Affected versions of this package are vulnerable to Improper Input Validation. A flaw was found in the way the XMLSchemaValidator class in the JAXP component of OpenJDK enforced the "use-grammar-pool-only" feature. A specially-crafted XML file could possibly use this flaw to manipulate with the validation process in certain cases.
openjdk-jre to version 7.0.261, 8.0.251, 11.0.7, 14.0.1 or higher.