CVE-2024-20955

🗓️ 16 Jan 2024 21:41:20Reported by oracleType

Vulnerability in Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition, allows unauthenticated attacker to compromise and gain unauthorized read access to data. CVSS 3.1 Base Score: 3.

Reporter	Title	Published	Views	Family All 21
AlpineLinux	CVE-2024-20955	16 Jan 202421:41	–	alpinelinux
Circl	CVE-2024-20955	9 Feb 202417:21	–	circl
CNNVD	Security Vulnerabilities in Selected Oracle Products	16 Jan 202400:00	–	cnnvd
Cvelist	CVE-2024-20955	16 Jan 202421:41	–	cvelist
EUVD	EUVD-2024-18669	3 Oct 202520:07	–	euvd
F5 Networks	K000138850: OpenJDK vulnerabilities CVE-2024-20918, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952, and CVE-2024-20955	6 Mar 202422:53	–	f5
Kaspersky	KLA63108 Multiple vulnerabilities in Oracle Java SE and GraalVM	16 Jan 202400:00	–	kaspersky
NCSC	Vulnerabilities fixed in Oracle Java SE	18 Jan 202400:00	–	ncsc
NVD	CVE-2024-20955	16 Jan 202422:15	–	nvd
Oracle	Oracle Critical Patch Update Advisory - January 2024	16 Jan 202400:00	–	oracle

NVD

Vulners

Node

oracle graalvmMatch20.3.12enterprise

oracle graalvmMatch21.3.8enterprise

oracle graalvmMatch22.3.4enterprise

oracle graalvm_for_jdkMatch17.0.9

oracle graalvm_for_jdkMatch21.0.1

[
  {
    "vendor": "Oracle Corporation",
    "product": "GraalVM Enterprise Edition",
    "versions": [
      {
        "version": "Oracle GraalVM for JDK:17.0.9",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM for JDK:21.0.1",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:20.3.12",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:21.3.8",
        "status": "affected"
      },
      {
        "version": "Oracle GraalVM Enterprise Edition:22.3.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
oracle	www.oracle.com/security-alerts/cpujan2024.html

03 Jun 2025 19:15Current

3Low risk

Vulners AI Score3

CVSS 3.13.7

EPSS0.00508

SSVC

CWE-200