CVE-2022-21540

Public on 2022-07-18
Modified on 2024-01-17
Description
Generated code produced by C1 may leak a package-private class to a class from a different package.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 java-1.7.0-openjdk 2022-09-01 ALAS-2022-1633 Fixed
Amazon Linux 2 - Core java-1.7.0-openjdk 2022-09-01 ALAS2-2022-1835 Fixed
Amazon Linux 2 - Corretto8 Extra java-1.8.0-amazon-corretto 2022-07-19 ALAS2CORRETTO8-2022-003 Fixed
Amazon Linux 2023 java-1.8.0-amazon-corretto Not Affected
Amazon Linux 1 java-1.8.0-openjdk 2022-08-15 ALAS-2022-1631 Fixed
Amazon Linux 2 - Core java-1.8.0-openjdk 2022-09-01 ALAS2-2022-1836 Fixed
Amazon Linux 2 - Core java-11-amazon-corretto 2022-07-19 ALAS2-2022-1822 Fixed
Amazon Linux 2023 java-11-amazon-corretto Not Affected
Amazon Linux 2 - Java-openjdk11 Extra java-11-openjdk 2022-09-01 ALAS2JAVA-OPENJDK11-2022-002 Fixed
Amazon Linux 2023 java-11-openjdk Not Affected
Amazon Linux 2 - Core java-17-amazon-corretto 2022-07-19 ALAS2-2022-1824 Fixed
Amazon Linux 2023 java-17-amazon-corretto Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
NVD CVSSv3 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N