It was discovered that the Libraries component of OpenJDK failed to properly check array object type VarHandle in certain cases. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
Affected functionality - VarHandle - was only introduced in OpenJDK 9.
Public now via Oracle CPU April 2018:
The issue was fixed in Oracle JDK 10.0.1.
OpenJDK 10 upstream commit: