CVE-2023-21968

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-21968
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-21968.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-21968
Related
Published
2023-04-18T20:15:16Z
Modified
2024-10-12T11:24:18.992201Z
Severity
  • 3.7 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).

References

Affected packages

Debian:11 / openjdk-11

Package

Name
openjdk-11
Purl
pkg:deb/debian/openjdk-11?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
11.0.20+8-1~deb11u1

Affected versions

11.*

11.0.12+7-2
11.0.13+8-1~deb10u1
11.0.13+8-1~deb11u1
11.0.13+8-1
11.0.14+9-1~deb10u1
11.0.14+9-1~deb11u1
11.0.14+9-1
11.0.14.1+1-1
11.0.15+10-1~deb10u1
11.0.15+10-1~deb11u1
11.0.15+10-1
11.0.16+8-1~deb10u1
11.0.16+8-1~deb11u1
11.0.16+8-1
11.0.17+8-1
11.0.17+8-2
11.0.18+10-1~deb10u1
11.0.18+10-1~deb11u1
11.0.18+10-1
11.0.19+7-1
11.0.19+7+really11.0.11+9-1+b2
11.0.20~7-1
11.0.20+8-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.7+7-1~deb11u1

Affected versions

Other

17~19-1
17~24-1
17~27-1
17~29-1
17~31ea-1
17~33ea-1
17~35ea-1
17+35-1

17.*

17.0.1+12-1
17.0.1+12-1+deb11u1
17.0.1+12-1+deb11u2
17.0.2+8-1~deb11u1
17.0.2+8-1
17.0.3+7-1~deb11u1
17.0.3+7-1
17.0.4+8-1~deb11u1
17.0.4+8-1
17.0.5+8-1
17.0.5+8-2
17.0.6+10-1~deb11u1
17.0.6+10-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.7+7-1~deb12u1

Affected versions

17.*

17.0.6+10-1
17.0.7+7-1~deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / openjdk-17

Package

Name
openjdk-17
Purl
pkg:deb/debian/openjdk-17?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
17.0.7+7-1

Affected versions

17.*

17.0.6+10-1
17.0.7+7-1~deb11u1
17.0.7+7-1~deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/graalvm/graalvm-ce-builds

Affected ranges

Type
GIT
Repo
https://github.com/graalvm/graalvm-ce-builds
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Type
GIT
Repo
https://github.com/openjdk/jdk
Events

Affected versions

Other

jdk7-b100
jdk7-b101
jdk7-b102
jdk7-b103
jdk7-b104
jdk7-b105
jdk7-b106
jdk7-b107
jdk7-b108
jdk7-b109
jdk7-b110
jdk7-b111
jdk7-b112
jdk7-b113
jdk7-b114
jdk7-b115
jdk7-b116
jdk7-b117
jdk7-b118
jdk7-b119
jdk7-b120
jdk7-b121
jdk7-b122
jdk7-b123
jdk7-b124
jdk7-b125
jdk7-b126
jdk7-b127
jdk7-b128
jdk7-b129
jdk7-b130
jdk7-b131
jdk7-b132
jdk7-b133
jdk7-b134
jdk7-b135
jdk7-b136
jdk7-b137
jdk7-b138
jdk7-b139
jdk7-b140
jdk7-b141
jdk7-b142
jdk7-b143
jdk7-b144
jdk7-b145
jdk7-b146
jdk7-b147
jdk7-b24
jdk7-b25
jdk7-b26
jdk7-b27
jdk7-b28
jdk7-b29
jdk7-b30
jdk7-b31
jdk7-b32
jdk7-b33
jdk7-b34
jdk7-b35
jdk7-b36
jdk7-b37
jdk7-b38
jdk7-b39
jdk7-b40
jdk7-b41
jdk7-b42
jdk7-b43
jdk7-b44
jdk7-b45
jdk7-b46
jdk7-b47
jdk7-b48
jdk7-b49
jdk7-b50
jdk7-b51
jdk7-b52
jdk7-b53
jdk7-b54
jdk7-b55
jdk7-b56
jdk7-b57
jdk7-b58
jdk7-b59
jdk7-b60
jdk7-b61
jdk7-b62
jdk7-b63
jdk7-b64
jdk7-b65
jdk7-b66
jdk7-b67
jdk7-b68
jdk7-b69
jdk7-b70
jdk7-b71
jdk7-b72
jdk7-b73
jdk7-b74
jdk7-b75
jdk7-b76
jdk7-b77
jdk7-b78
jdk7-b79
jdk7-b80
jdk7-b81
jdk7-b82
jdk7-b83
jdk7-b84
jdk7-b85
jdk7-b86
jdk7-b87
jdk7-b88
jdk7-b89
jdk7-b90
jdk7-b91
jdk7-b92
jdk7-b93
jdk7-b94
jdk7-b95
jdk7-b96
jdk7-b97
jdk7-b98
jdk7-b99
jdk8-b01
jdk8-b02
jdk8-b03
jdk8-b04
jdk8-b05
jdk8-b06
jdk8-b07
jdk8-b08
jdk8-b09
jdk8-b10
jdk8-b11
jdk8-b12
jdk8-b13
jdk8-b14
jdk8-b15
jdk8-b16
jdk8-b17
jdk8-b18
jdk8-b19
jdk8-b20

vm-19.*

vm-19.3.0
vm-19.3.0.2
vm-19.3.1
vm-19.3.2
vm-19.3.2-pre
vm-19.3.3
vm-19.3.4
vm-19.3.5
vm-19.3.6

vm-20.*

vm-20.0.0
vm-20.0.1
vm-20.1.0
vm-20.2.0
vm-20.3.0
vm-20.3.1
vm-20.3.1.2
vm-20.3.2
vm-20.3.3
vm-20.3.4
vm-20.3.5
vm-20.3.6

vm-21.*

vm-21.0.0
vm-21.0.0.2
vm-21.1.0
vm-21.2.0
vm-21.3.0
vm-21.3.1
vm-21.3.2
vm-21.3.3
vm-21.3.3.1

vm-22.*

vm-22.0.0.2
vm-22.1.0
vm-22.2.0
vm-22.3.0
vm-22.3.1
vm-22.3.2

vm-ce-21.*

vm-ce-21.2.0