CVE-2022-21540

Public on 2022-07-18
Modified on 2022-10-25
Description

Generated code produced by C1 may leak a package-private class to a class from a different package.

Severity
Medium
See what this means
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 java-1.7.0-openjdk 2022-09-01 17:24 ALAS-2022-1633
Amazon Linux 2 java-1.7.0-openjdk 2022-09-01 21:09 ALAS2-2022-1835
Amazon Linux 2 java-1.8.0-amazon-corretto 2022-07-19 16:09 ALAS2CORRETTO8-2022-003
Amazon Linux 1 java-1.8.0-openjdk 2022-08-15 18:37 ALAS-2022-1631
Amazon Linux 2 java-1.8.0-openjdk 2022-09-01 21:09 ALAS2-2022-1836
Amazon Linux 2 java-11-amazon-corretto 2022-07-19 00:38 ALAS2-2022-1822
Amazon Linux 2 java-11-openjdk 2022-09-01 22:12 ALAS2JAVA-OPENJDK11-2022-002
Amazon Linux 2 java-17-amazon-corretto 2022-07-19 01:19 ALAS2-2022-1824

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N