Site icon 지락문화예술공작단

USN-5898-1: OpenJDK vulnerabilities

USN-5898-1: OpenJDK vulnerabilities

It was discovered that the Serialization component of OpenJDK did not
properly handle the deserialization of some CORBA objects. An attacker
could possibly use this to bypass Java sandbox restrictions.
(CVE-2023-21830)

Markus Loewe discovered that the Java Sound subsystem in OpenJDK did not
properly validate the origin of a Soundbank. An attacker could use this to
specially craft an untrusted Java application or applet that could load a
Soundbank from an attacker controlled remote URL. (CVE-2023-21843)
Source: USN-5898-1: OpenJDK vulnerabilities

Exit mobile version