Graalvm@19.3.0.2 Security Vulnerabilities and Issues — Graalvm@19.3.0.2 CVE List

Lucene search

OracleGraalvm19.3.0.2

7 matches found

CVE•added 2019/11/26 6:15 p.m.•406 views

CVE-2019-16255

Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allows code injection if the first argument (aka the "command" argument) to Shell#[] or Shell#test in lib/shell.rb is untrusted data. An attacker can exploit this to call an arbitrary Ruby method.

8.1CVSS8.2AI score0.02136EPSS

CVE•added 2019/12/13 1:15 a.m.•351 views

CVE-2019-16777

Versions of the npm CLI prior to 6.13.4 are vulnerable to an Arbitrary File Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a serve binary, any subsequent installs of p...

7.7CVSS6.8AI score0.00287EPSS

CVE•added 2020/01/15 5:15 p.m.•301 views

CVE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.1CVSS7.7AI score0.01815EPSS

CVE•added 2019/12/13 1:15 a.m.•246 views

CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenode_modules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package publ...

7.7CVSS7AI score0.003EPSS

CVE•added 2019/12/13 1:15 a.m.•212 views

CVE-2019-16776

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to modify and/or gai...

8.1CVSS7.4AI score0.00403EPSS

CVE•added 2020/01/15 5:15 p.m.•50 views

CVE-2020-2595

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: GraalVM Compiler). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalV...

5.8CVSS4.6AI score0.00868EPSS

CVE•added 2020/01/15 5:15 p.m.•43 views

CVE-2020-2581

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: LLVM Interpreter). The supported version that is affected is 19.3.0.2. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle GraalVM Enterprise Editi...

4CVSS3.4AI score0.00714EPSS