A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. This flaw allows an untrusted Java application or applet to bypass Java sandbox restrictions.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | java-1.7.0-openjdk | 2020-05-08 20:10 | ALAS-2020-1365 |
Amazon Linux 2 - Core | java-1.7.0-openjdk | 2020-05-08 20:58 | ALAS2-2020-1424 |
Amazon Linux 1 | java-1.8.0-openjdk | 2023-08-21 12:14 | ALAS-2023-1809 |
Amazon Linux 2 - Core | java-1.8.0-openjdk | 2020-05-05 01:18 | ALAS2-2020-1421 |
Amazon Linux 2 - Core | java-11-amazon-corretto | 2020-04-14 23:16 | ALAS2-2020-1410 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 5.1 | AV:N/AC:H/Au:N/C:P/I:P/A:P |
NVD | CVSSv3 | 8.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H |