Graalvm@20.3.4 Security Vulnerabilities and Issues — Graalvm@20.3.4 CVE List

Lucene search

OracleGraalvm20.3.4

21 matches found

CVE•added 2021/03/23 12:15 a.m.•330 views

CVE-2021-21349

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream. No user is affe...

8.6CVSS7.8AI score0.04076EPSS

CVE•added 2022/01/19 12:15 p.m.•315 views

CVE-2022-21305

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS4.7AI score0.00259EPSS

CVE•added 2022/01/19 12:15 p.m.•301 views

CVE-2022-21248

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Difficult to exploit vulnerabili...

4.3CVSS3.8AI score0.00111EPSS

CVE•added 2022/01/19 12:15 p.m.•293 views

CVE-2022-21299

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows u...

5.3CVSS4.9AI score0.00083EPSS

CVE•added 2022/01/19 12:15 p.m.•283 views

CVE-2022-21291

5.3CVSS4.7AI score0.00141EPSS

CVE•added 2022/01/19 12:15 p.m.•283 views

CVE-2022-21341

5.3CVSS4.8AI score0.00183EPSS

CVE•added 2022/01/19 12:15 p.m.•281 views

CVE-2022-21293

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability all...

5.3CVSS4.8AI score0.00157EPSS

CVE•added 2022/01/19 12:15 p.m.•273 views

CVE-2022-21282

5.3CVSS4.5AI score0.00296EPSS

CVE•added 2022/01/19 12:15 p.m.•272 views

CVE-2022-21340

5.3CVSS4.8AI score0.08274EPSS

CVE•added 2022/01/19 12:15 p.m.•271 views

CVE-2022-21294

5.3CVSS4.8AI score0.00183EPSS

CVE•added 2022/01/19 12:15 p.m.•269 views

CVE-2022-21296

5.3CVSS4.5AI score0.00296EPSS

CVE•added 2022/01/19 12:15 p.m.•258 views

CVE-2022-21365

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allow...

5.3CVSS4.8AI score0.00183EPSS

CVE•added 2022/01/19 12:15 p.m.•254 views

CVE-2022-21283

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenti...

5.3CVSS4.8AI score0.00159EPSS

CVE•added 2021/11/03 8:15 p.m.•253 views

CVE-2021-22960

The parse function in llhttp < 2.1.4 and

6.5CVSS7.2AI score0.00177EPSS

CVE•added 2022/01/19 12:15 p.m.•252 views

CVE-2022-21360

5.3CVSS4.8AI score0.00183EPSS

CVE•added 2022/01/19 12:15 p.m.•248 views

CVE-2022-21366

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthentica...

5.3CVSS4.7AI score0.00139EPSS

CVE•added 2019/11/08 3:15 p.m.•238 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01864EPSS

CVE•added 2022/01/19 12:15 p.m.•237 views

CVE-2022-21277

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: ImageIO). Supported versions that are affected are Oracle Java SE: 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthentica...

5.3CVSS4.7AI score0.00139EPSS

CVE•added 2022/01/19 12:15 p.m.•237 views

CVE-2022-21349

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 7u321, 8u311; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated atta...

5.3CVSS4.7AI score0.00061EPSS

CVE•added 2021/11/15 3:15 p.m.•234 views

CVE-2021-22959

The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and

6.5CVSS7.1AI score0.00186EPSS

CVE•added 2022/01/19 12:15 p.m.•187 views

CVE-2022-21271

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unau...

5.3CVSS4.6AI score0.00608EPSS