CVE-2021-41041

MEDIUM

Eclipse Openj9 <0.32.0 - Code Injection

Title source: llm
STIX 2.1

Description

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/eclipse-openj9/openj9/pull/14935
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugs.eclipse.org/bugs/show_bug.cgi?id=579744

Scores

CVSS v3 5.3
EPSS 0.0092
EPSS Percentile 55.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-252 CWE-843 CWE-908
Status published
Products (3)
eclipse/openj9 < 0.32.0
oracle/java_se 8
oracle/java_se 11
Published Apr 27, 2022
Tracked Since Feb 18, 2026