CVE-2022-21299

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-21299

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-21299.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-21299

Related

Published

2022-01-19T12:15:12Z

Modified

2024-09-03T11:08:42.806681Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).

References

Affected packages

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type: GIT
Repo: https://github.com/graalvm/graalvm-ce-builds
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

2b9eb103d1668cf5eac22fe85bdad7513681d9e3

Last affected

9e3645fe9e0c84e1350c4b88cfb9fdf432c97fce

Type: GIT
Repo: https://github.com/openjdk/jdk
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0620440d1f92448c18cedb790913579beaff19d8

Last affected

0bd0f10d2c5965369490624627f16a39d35c8734

Last affected

0d3829a2c5a70961ffc539865adc1442c1a30bb1

Last affected

13ad3ed8b99f8c872eebb5d0bb647d5bb44ea0b5

Last affected

1408dbfdbe550dcdea4cb9a849fab6cb371ded18

Last affected

1c11f83e9262d3bf07b9d095a7b1d3659f1f2a9e

Last affected

22e500e3a917594cd93baaf8b5c7d29360d250d1

Last affected

27cab0e0c87f124277c7afeb5dd6a8750443804e

Last affected

34063e3656db6d0cadb9168f37024e6e66fc2372

Last affected

38378b7ee032d70653b3f0d4205f2305cf4f1170

Last affected

38930ae468910fb1d763f18c1d9473beffa7f3cb

Last affected

423befc9a0123b2cf13041f8acbb2a0000ddccdc

Last affected

493ac9ee8f9c4fb66b687bd740b8e1fb5ee8b86a

Last affected

6412341d454eee8a151cf89b51cabfb7b3d87140

Last affected

69efabad3d8a2ff47a62a4626c574a56edec1cfd

Last affected

6c04fd835e86522d2136ee663e19cfd5f71b9aa8

Last affected

7517b9d19367e1f057e5450d7871135b5f878d02

Last affected

7588f37667fd2a8c00d9a1a6e1afc605b75e0dc2

Last affected

75c48b0d1b36d9361a412ee2db2f51b7d9b6ef1c

Last affected

7ba83041b1d65545833655293d0976dfd1ffdea8

Last affected

7c18f827d7f096cbeb96b086a8516754f0c70221

Last affected

7ff3916e57ab852014885c3e7bdb95e5c1ed8c1e

Last affected

81ecd2932e0caee8ed01955fccc9e958c6a5cda3

Last affected

8261ee6da3c5843806c20808cc4206c73bb0efac

Last affected

82d185e64838992b019c90133d508d479d5ced0a

Last affected

880e09412543af479bc335faeda6196489a2a045

Last affected

88b37fb2a8aecf2b0afa75904d212da11919aa98

Last affected

925752098ba63b25c1cb635f50a53684d4094f8b

Last affected

b4b746fb274cb65f8cbf4a884bb20749a8f35d2b

Last affected

ba79b2bcce1ceefdeb44bb7075bc5d2647a56834

Last affected

bd04d75035a888d5034c5f7e2e0508d1d28d14af

Last affected

c1ff9b2e3b5e31e5874ca7d7a38ea4fbd9bbdd5d

Last affected

cfa6e0878b1aff48b521ee21d2598abe7f4964c2

Last affected

d08e6435e4026542e4d4bffdf12748e83ef0f9fb

Last affected

d38a1f186d640dede9fccb727ec98db3a413f9d8

Last affected

d49120d46668eaaab9df465a9ee17b696cb4e37f

Last affected

dfacda488bfbe2e11e8d607a6d08527710286982

Last affected

e21ea57f72b20424ac38930bcf56513cd42642e5

Last affected

e514f9072fc6ea3d2ad4e9a81251bf1fc1ed1eb6

Last affected

e7187d14db3748428c4a312203549f7ee31d4471

Last affected

e7d87b234c444e39369e8575284f785c56113324

Last affected

e9a2e84e45e1120aa306a01dfb087200f6a7f903

Last affected

ed6697aa20e3f9c17a496a544b10bfe3543de38f

Type: GIT
Repo: https://github.com/openjdk/jdk15u
Events: Introduced

4a588d89f01a650d90432cc14697a5a2ae2c97d3

Last affected

0fa171bd82048dae22daf3bc434cba2af57e7dd9

Affected versions

Other

jdk-15+36

jdk-15-ga

jdk7-b24

jdk7-b25

jdk7-b26

jdk7-b27

jdk7-b28

jdk7-b29

jdk7-b30

jdk7-b31

jdk7-b32

jdk7-b33

jdk7-b34

jdk7-b35

jdk7-b36

jdk7-b37

jdk7-b38

jdk7-b39

jdk7-b40

jdk7-b41

jdk7-b42

jdk7-b43

jdk7-b44

jdk7-b45

jdk-15.*

jdk-15.0.1+1

jdk-15.0.1+2

jdk-15.0.1+3

jdk-15.0.1+4

jdk-15.0.1+5

jdk-15.0.1+6

jdk-15.0.1+7

jdk-15.0.1+8

jdk-15.0.1+9

jdk-15.0.1-ga

jdk-15.0.2+0

jdk-15.0.2+1

jdk-15.0.2+2

jdk-15.0.2+3

jdk-15.0.2+4

jdk-15.0.2+5

jdk-15.0.2+6

jdk-15.0.2+7

jdk-15.0.2-ga

jdk-15.0.3+0

jdk-15.0.3+1

jdk-15.0.3+2

jdk-15.0.3+3

jdk-15.0.3-ga

jdk-15.0.4+0

jdk-15.0.4+1

jdk-15.0.4+2

jdk-15.0.4+3

jdk-15.0.4+4

jdk-15.0.4+5

jdk-15.0.4-ga

jdk-15.0.5+0

jdk-15.0.5+1

jdk-15.0.5+2

jdk-15.0.5+3

jdk-15.0.5-ga

vm-19.*

vm-19.3.2

vm-19.3.2-pre

vm-19.3.3

vm-19.3.4

vm-19.3.5

vm-19.3.6

vm-20.*

vm-20.0.1

vm-20.1.0

vm-20.2.0

vm-20.3.0

vm-20.3.1

vm-20.3.1.2

vm-20.3.2

vm-20.3.3

vm-20.3.4

vm-21.*

vm-21.0.0

vm-21.0.0.2

vm-21.1.0

vm-21.2.0

vm-21.3.0