Bug 2257850 (CVE-2024-20926) - CVE-2024-20926 OpenJDK: arbitrary Java code execution in Nashorn (8314284)
Summary: CVE-2024-20926 OpenJDK: arbitrary Java code execution in Nashorn (8314284)
Keywords:
Status: NEW
Alias: CVE-2024-20926
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2257303
Blocks: 2257260
 
Reported: 2024-01-11 10:04 UTC by Mauro Matteo Cascella
Modified: 2024-02-21 19:15 UTC
CC List: 11 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2024:0309 0 None None None 2024-01-22 01:01:34 UTC
Red Hat Product Errata RHBA-2024:0314 0 None None None 2024-01-22 03:26:17 UTC
Red Hat Product Errata RHBA-2024:0321 0 None None None 2024-01-22 14:00:28 UTC
Red Hat Product Errata RHBA-2024:0324 0 None None None 2024-01-22 18:01:33 UTC
Red Hat Product Errata RHBA-2024:0326 0 None None None 2024-01-22 18:05:12 UTC
Red Hat Product Errata RHBA-2024:0327 0 None None None 2024-01-22 17:59:02 UTC
Red Hat Product Errata RHBA-2024:0377 0 None None None 2024-01-23 17:17:54 UTC
Red Hat Product Errata RHBA-2024:0492 0 None None None 2024-01-25 13:00:26 UTC
Red Hat Product Errata RHBA-2024:0493 0 None None None 2024-01-25 13:07:01 UTC
Red Hat Product Errata RHBA-2024:0496 0 None None None 2024-01-25 14:35:13 UTC
Red Hat Product Errata RHBA-2024:0535 0 None None None 2024-01-29 01:16:31 UTC
Red Hat Product Errata RHBA-2024:0560 0 None None None 2024-01-30 10:53:58 UTC
Red Hat Product Errata RHBA-2024:0567 0 None None None 2024-01-30 13:27:25 UTC
Red Hat Product Errata RHBA-2024:0707 0 None None None 2024-02-06 18:43:55 UTC
Red Hat Product Errata RHBA-2024:0708 0 None None None 2024-02-06 18:44:17 UTC
Red Hat Product Errata RHBA-2024:0784 0 None None None 2024-02-12 13:13:27 UTC
Red Hat Product Errata RHBA-2024:0787 0 None None None 2024-02-12 14:57:42 UTC
Red Hat Product Errata RHBA-2024:0935 0 None None None 2024-02-21 19:15:58 UTC
Red Hat Product Errata RHSA-2024:0222 0 None None None 2024-01-17 13:54:47 UTC
Red Hat Product Errata RHSA-2024:0223 0 None None None 2024-01-17 15:56:06 UTC
Red Hat Product Errata RHSA-2024:0224 0 None None None 2024-01-17 15:44:31 UTC
Red Hat Product Errata RHSA-2024:0225 0 None None None 2024-01-17 09:01:31 UTC
Red Hat Product Errata RHSA-2024:0226 0 None None None 2024-01-17 15:57:43 UTC
Red Hat Product Errata RHSA-2024:0228 0 None None None 2024-01-17 19:06:58 UTC
Red Hat Product Errata RHSA-2024:0230 0 None None None 2024-01-17 13:55:03 UTC
Red Hat Product Errata RHSA-2024:0231 0 None None None 2024-01-17 14:00:58 UTC
Red Hat Product Errata RHSA-2024:0232 0 None None None 2024-01-17 15:56:26 UTC
Red Hat Product Errata RHSA-2024:0233 0 None None None 2024-01-17 16:52:54 UTC
Red Hat Product Errata RHSA-2024:0234 0 None None None 2024-01-17 09:01:42 UTC
Red Hat Product Errata RHSA-2024:0235 0 None None None 2024-01-17 17:51:27 UTC
Red Hat Product Errata RHSA-2024:0237 0 None None None 2024-01-17 19:15:08 UTC
Red Hat Product Errata RHSA-2024:0239 0 None None None 2024-01-17 14:01:06 UTC
Red Hat Product Errata RHSA-2024:0265 0 None None None 2024-01-17 18:59:35 UTC
Red Hat Product Errata RHSA-2024:0266 0 None None None 2024-01-18 18:06:45 UTC

Description Mauro Matteo Cascella 2024-01-11 10:04:08 UTC
It was discovered that the Nashorn JavaScript engine in the Scripting component of OpenJDK could allow arbitrary Java code execution even when the "--no-java" option was set. An untrusted JavaScript executed by Nashorn could exploit this flaw to bypass intended restrictions.
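
The flaw above is a failure of Nashorn's "--no-java" restriction, so the practical check after applying the errata is to confirm that scripts really cannot reach Java on the patched runtime. The Java program below is an added example written for this page; it is not part of the bug report, of OpenJDK, or of the Red Hat packages. It builds an engine with "--no-java" and a deny-all jdk.nashorn.api.scripting.ClassFilter as a second, independent layer, then evaluates a few constructed probe scripts that each try to obtain a Java class, expecting every one to be rejected. It does not reproduce the CVE. It needs a JDK that still ships Nashorn (8 or 11, the versions the errata cover; Nashorn was removed in JDK 15); the class name, probe strings and output format are the example's own.

```java
import javax.script.ScriptEngine;
import javax.script.ScriptException;
import jdk.nashorn.api.scripting.ClassFilter;
import jdk.nashorn.api.scripting.NashornScriptEngineFactory;

/**
 * Post-patch check for a Nashorn sandbox (added example, not code from the bug report):
 * builds an engine with --no-java plus a deny-all ClassFilter and verifies that scripts
 * cannot reach any Java class. Needs a JDK that still ships Nashorn (8 or 11).
 */
public class NashornNoJavaCheck {

    /** Second layer: even if the Java bridge were reachable, no class name is exposed. */
    static final ClassFilter DENY_ALL = className -> false;

    /** Constructed probe scripts; each would give a script a foothold in Java if allowed. */
    static final String[] PROBES = {
        "Java.type('java.lang.Runtime')",
        "java.lang.System.getProperty('java.version')",
        "Packages.java.lang.Thread.currentThread()",
        "new java.io.File('.').exists()",
        "Java.extend(Java.type('java.lang.Object'))",
    };

    /**
     * --no-java removes the Java, java, javax and Packages globals from the script's scope.
     * The ClassFilter is passed as an independent control so that a bypass of the option
     * alone (the failure mode this CVE describes) still cannot resolve a class by name.
     */
    static ScriptEngine restrictedEngine() {
        NashornScriptEngineFactory factory = new NashornScriptEngineFactory();
        ClassLoader appLoader = NashornNoJavaCheck.class.getClassLoader();
        return factory.getScriptEngine(new String[] {"--no-java"}, appLoader, DENY_ALL);
    }

    /** Evaluates each probe; returns how many completed instead of being rejected. */
    static int countEscapes(ScriptEngine engine) {
        int escaped = 0;
        for (String probe : PROBES) {
            try {
                Object result = engine.eval(probe);
                // Reaching here means the script obtained a Java object: the restriction failed.
                System.out.println("FAIL  " + probe + " -> " + result);
                escaped++;
            } catch (ScriptException e) {
                // Expected outcome: ReferenceError ("Java" is not defined) under --no-java, or a
                // ClassNotFoundException surfaced through the engine when the filter denies a class.
                System.out.println("ok    " + probe + " rejected (" + e.getMessage() + ")");
            }
        }
        return escaped;
    }

    public static void main(String[] args) {
        int escaped = countEscapes(restrictedEngine());
        System.out.println(escaped == 0
            ? "Java is unreachable from scripts on this runtime"
            : escaped + " probe(s) reached Java; the engine is not restricted");
        System.exit(escaped == 0 ? 0 : 1);
    }
}
```

Run it once per updated JDK; a non-zero exit status means a probe obtained a Java object and that runtime must not evaluate untrusted scripts. The ClassFilter only governs which class names a script can resolve through Nashorn's Java bridge; it is not a substitute for running untrusted scripts in a separate, low-privilege process.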

Comment 5 errata-xmlrpc 2024-01-17 09:01:30 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0225 https://access.redhat.com/errata/RHSA-2024:0225

Comment 6 errata-xmlrpc 2024-01-17 09:01:41 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2024:0234 https://access.redhat.com/errata/RHSA-2024:0234

Comment 7 errata-xmlrpc 2024-01-17 13:54:46 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u402

Via RHSA-2024:0222 https://access.redhat.com/errata/RHSA-2024:0222

Comment 8 errata-xmlrpc 2024-01-17 13:55:02 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 8u402

Via RHSA-2024:0230 https://access.redhat.com/errata/RHSA-2024:0230

Comment 9 errata-xmlrpc 2024-01-17 14:00:56 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.22

Via RHSA-2024:0231 https://access.redhat.com/errata/RHSA-2024:0231

Comment 10 errata-xmlrpc 2024-01-17 14:01:05 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK 11.0.22

Via RHSA-2024:0239 https://access.redhat.com/errata/RHSA-2024:0239

Comment 11 errata-xmlrpc 2024-01-17 15:44:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0224 https://access.redhat.com/errata/RHSA-2024:0224

Comment 12 errata-xmlrpc 2024-01-17 15:56:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0223 https://access.redhat.com/errata/RHSA-2024:0223

Comment 13 errata-xmlrpc 2024-01-17 15:56:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2024:0232 https://access.redhat.com/errata/RHSA-2024:0232

Comment 14 errata-xmlrpc 2024-01-17 15:57:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0226 https://access.redhat.com/errata/RHSA-2024:0226

Comment 15 errata-xmlrpc 2024-01-17 16:52:53 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2024:0233 https://access.redhat.com/errata/RHSA-2024:0233

Comment 16 errata-xmlrpc 2024-01-17 17:51:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:0235 https://access.redhat.com/errata/RHSA-2024:0235

Comment 17 errata-xmlrpc 2024-01-17 18:59:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support
  Red Hat Enterprise Linux 8
  Red Hat Enterprise Linux 9.2 Extended Update Support
  Red Hat Enterprise Linux 9

Via RHSA-2024:0265 https://access.redhat.com/errata/RHSA-2024:0265

Comment 18 errata-xmlrpc 2024-01-17 19:06:57 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0228 https://access.redhat.com/errata/RHSA-2024:0228

Comment 19 errata-xmlrpc 2024-01-17 19:15:07 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:0237 https://access.redhat.com/errata/RHSA-2024:0237

Comment 20 errata-xmlrpc 2024-01-18 18:06:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support
  Red Hat Enterprise Linux 8
  Red Hat Enterprise Linux 9.2 Extended Update Support
  Red Hat Enterprise Linux 9

Via RHSA-2024:0266 https://access.redhat.com/errata/RHSA-2024:0266

