CVE-2022-21248 An Oracle Java SE, Oracle GraalVM Enterprise Edition product has a vulnerability.

by using the XML parsing APIs, or by sending specially crafted requests. The attacker must host the code on an insecure web server, or provide a link to the code. Access to these APIs can be disabled by setting the graal.serialization.enabled property to false.

[CVE-2018-13087]
- Improper Initialization of the Graal Compiler Service.

[CVE-2018-13088]
- Improper Restriction of the Permissions of the Graal Native Code Generator.
- Data Injection Vulnerability in the Oracle JDK.

[CVE-2018-13089]
- Improper Restriction of the Permissions of the Graal Native Code Generator.
- Unrestricted Upload of Code via the Java Web Console.
- Unrestricted Upload of Code via the Java Debugger.
- Incorrect Access Control for User-Defined Classes and Packages.
- Improper Restriction of the Permissions of the Graal Native Code Generator.
- Data Injection Vulnerability in the Oracle JDK.

[CVE-2018-13090]
- Improper Restriction of the Permissions of the Graal Native Code Generator.
- Unrestricted Upload of Code via the Java Web Console.
- Unrestricted Upload of Code via the Java Debugger.
- Incorrect Access Control for User-Defined Classes and Packages.

Oracle has provided a security release to address these vulnerabilities. Interested parties can find information about the security release at: https://blogs.oracle.

What is Oracle Graal?

Oracle Graal is an implementation of the Java Virtual Machine that can be used as a compiler, just like the JDK. Oracle's goal is to enable developers to use Java features without having to compile their code themselves. In addition, Oracle hopes that by providing a more feature-rich Java compiler it will be able to build a developer product that will replace the paid version of Oracle JDK.
