CVE-2021-41035

Опубликовано: 25 окт. 2021

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

Ссылки

https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395
Vendor Advisory
https://github.com/eclipse-openj9/openj9/pull/13740
Patch
Third Party Advisory
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
https://bugs.eclipse.org/bugs/show_bug.cgi?id=576395
Vendor Advisory
https://github.com/eclipse-openj9/openj9/pull/13740
Patch
Third Party Advisory
https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/104
Vendor Advisory
https://security.netapp.com/advisory/ntap-20240621-0006/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*

Версия до 0.29.0 (исключая)

EPSS

Процентиль: 35%

0.00147

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-250

NVD-CWE-Other

Связанные уязвимости

CVE-2021-41035

CVSS3: 5.3

redhat

около 4 лет назад

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

GHSA-cj9m-62w3-rj89

CVSS3: 9.8

github

больше 3 лет назад

In Eclipse Openj9 before version 0.29.0, the JVM does not throw IllegalAccessError for MethodHandles that invoke inaccessible interface methods.

SUSE-SU-2022:14875-1

suse-cvrf

около 4 лет назад

Security update for java-1_7_1-ibm

SUSE-SU-2022:0166-1

suse-cvrf

около 4 лет назад

Security update for java-1_7_1-ibm

openSUSE-SU-2022:0108-1

suse-cvrf

около 4 лет назад

Security update for java-1_8_0-ibm

EPSS

Процентиль: 35%

0.00147

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-250

NVD-CWE-Other