code installed by an administrator). Unpatched clients, servers and end users can be compromised by this issue. Furthermore, for an application to be vulnerable, it must be running untrusted code. The application does not have to have been configured to run untrusted code.

- CVE-2019-5209: A vulnerability when handling proxied connections that existed in Oracle Java SE, Oracle GraalVM Enterprise Edition 17.1.1 and earlier could allow an unauthenticated attacker to create a maliciously crafted HTTP request to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. This vulnerability had been exploited in the wild with the attack method being HTTP. Successful exploitation could result in the attacker being able to create an HTTP request that would be executed by the Java Virtual Machine, potentially compromising the confidentiality, integrity, and/or availability of Oracle Java SE, Oracle GraalVM Enterprise Edition. Unpatched clients, servers and end users can be compromised by this issue. Furthermore, for an application to be vulnerable, it must be running untrusted code. The application does not have to have been configured to run untrusted code.

- CVE-2019-5110: A vulnerability when handling proxied connections that existed in Oracle Java SE, Oracle GraalVM Enterprise Edition 17.1.1 and earlier could allow an unauthenticated attacker to create a maliciously crafted HTTP request to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. This

What is Oracle GraalVM?

Oracle GraalVM Enterprise Edition is a JIT-based virtual machine, which means that it compiles Java bytecode into native machine code at runtime. This is an important distinction for Java Virtual Machines because unlike other JIT-based virtual machines, Oracle GraalVM does not have to be compiled ahead of time. Oracle GraalVM has been designed to scale from low-end devices with limited memory and computing resources to high-end devices equipped with multiple CPUs and large amounts of memory.
Oracle GraalVM uses the open source OpenJDK project as the basis for its design.

Timeline

Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/20/2022 05:21:00 UTC

References