CVE-2023-21939

CWE-20Improper Input Validation8 documents8 sources
Severity
5.3MEDIUM
EPSS
1.9%
top 16.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Oracle OpenjdkOracle Corporation Java SE JDK AND JREDebian Debian Linux+3 more
Timeline
PublishedApr 18
Latest updateMay 16

Description

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthoriz

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages7 packages

NVDoracle/graalvm20.3.9, 21.3.5, 22.3.1+2
NVDoracle/openjdk1111.0.18+4
NVDoracle/jdk4 versions+3
NVDoracle/jre4 versions+3

Also affects: Debian Linux 10.0, 11.0, 12.0

🔴Vulnerability Details

3
GHSA
GHSA-xfrf-5cgw-f964: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing)2023-04-18
CVEList
CVE-2023-21939: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing)2023-04-18
OSV
CVE-2023-21939: Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing)2023-04-18

📋Vendor Advisories

4
Ubuntu
OpenJDK vulnerabilities2023-05-16
Red Hat
OpenJDK: Swing HTML parsing issue (8296832)2023-04-18
Oracle
Oracle Oracle Java SE Risk Matrix: Swing — CVE-2023-219392023-04-15
Debian
CVE-2023-21939: openjdk-11 - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product o...2023
CVE-2023-21939 (MEDIUM CVSS 5.3) | Vulnerability in the Oracle Java SE | cvebase.io