Discovery API Icon
Discovery API
Security Advisory Icon
Security Advisory
Package Manager Icon
Package Manager
Liberica NIK25.0.2+1 (JDK 25.0.2+13)Security Advisory
Search Cve

CVE-2024-21098

Published: April 23, 2024Last modified: August 13, 2025

Description

Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).

Severity score breakdown

ParameterValue
Base score3.7
Attack VectorNETWORK
Attack complexityHIGH
Privileges requiredNONE
User interactionNONE
ScopeUNCHANGED
ConfidentialityNONE
Integrity impactNONE
Availability impactLOW
VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Status

ProductReleasePackageStatus
Liberica NIK23 (JDK 17)coreFixed (23.0.4+1)
fullFixed (23.0.4+1)
standardFixed (23.0.4+1)
23 (JDK 21)coreFixed (23.1.3+1)
fullFixed (23.1.3+1)
standardFixed (23.1.3+1)

References

ON THIS PAGE