
We found results for “”
CVE-2022-31139
Good to know:


Date: July 11, 2022
UnsafeAccessor (UA) is a bridge to access jdk.internal.misc.Unsafe & sun.misc.Unsafe. Normally, if UA is loaded as a named module, the internal data of UA is protected by JVM and others can only access UA via UA's standard API. The main application can set up "SecurityCheck.AccessLimiter" for UA to limit access to UA. Starting with version 1.4.0 and prior to version 1.7.0, when "SecurityCheck.AccessLimiter" is set up, untrusted code can access UA without limitation, even when UA is loaded as a named module. This issue does not affect those for whom "SecurityCheck.AccessLimiter" is not set up. Version 1.7.0 contains a patch.
Language: Java
Severity Score
Related Resources (6)
Severity Score
Weakness Type (CWE)
Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | HIGH |
Privileges Required (PR): | NONE |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |
CVSS v2
Base Score: |
|
---|---|
Access Vector (AV): | NETWORK |
Access Complexity (AC): | MEDIUM |
Authentication (AU): | NONE |
Confidentiality (C): | PARTIAL |
Integrity (I): | NONE |
Availability (A): | NONE |
Additional information: |