Vulnerability in Oracle GraalVM for JDK and Enterprise Edition
CVE-2024-20954

Currently unrated

Key Information:

Vendor: Oracle
CVE Published: 16 April 2024

Summary

A vulnerability exists in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition, affecting specific versions of these products. Unauthenticated attackers with network access can exploit this vulnerability via multiple protocols, potentially gaining unauthorized read access to a subset of accessible data. Because the vulnerability complicates security measures, users should review their configurations and apply the necessary updates to guard against potential data exfiltration.

Timeline

  • Vulnerability published