CVE-2021-41041

MEDIUM

Eclipse Openj9 <0.32.0 - Code Injection

Title source: llm

Description

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

References (2)

[Patch, Third Party Advisory] https://github.com/eclipse-openj9/openj9/pull/14935

[Issue Tracking, Third Party Advisory] https://bugs.eclipse.org/bugs/show_bug.cgi?id=579744

Scores

CVSS v3 5.3

EPSS 0.0008

EPSS Percentile 23.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE

CWE-252 CWE-843 CWE-908

Status published

Products (3)

eclipse/openj9 < 0.32.0

oracle/java_se 8

oracle/java_se 11

Published Apr 27, 2022

Tracked Since Feb 18, 2026