Is Spectrum vulnerable to CVE-2024-20918 and CVE-2024-20952?

search cancel

Is Spectrum vulnerable to CVE-2024-20918 and CVE-2024-20952?

book

Article ID: 279828

calendar_today

Updated On:

Products

Spectrum

Issue/Introduction

As per these CVEs, we are not vulnerable. Please see the note below.

This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code

This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. We won’t run any untrusted code.

Environment

Spectrum 22.2.x, 23.3.x

Cause

The related vulnerabilities are described here : https://adoptium.net/blog/2024/01/eclipse-temurin-8u402-11022-1710-and-2102-available

Resolution

The solution was delivered in Spectrum 23.3.8, where the java version embedded is 17.0.10, which addresses these CVE´s.

Feedback

thumb_up Yes

thumb_down No