Risk | High |
Patch available | YES |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2024-1938 CVE-2024-1939 |
CWE-ID | CWE-843 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software |
Fedora Operating systems & Components / Operating system xz-java Operating systems & Components / Operating system package or component xstream Operating systems & Components / Operating system package or component xmvn-generator Operating systems & Components / Operating system package or component xmvn-connector-ivy Operating systems & Components / Operating system package or component xmvn Operating systems & Components / Operating system package or component xmlunit Operating systems & Components / Operating system package or component xmlstreambuffer Operating systems & Components / Operating system package or component xmlpull Operating systems & Components / Operating system package or component xmlgraphics-commons Operating systems & Components / Operating system package or component xml-maven-plugin Operating systems & Components / Operating system package or component xml-commons-resolver Operating systems & Components / Operating system package or component xml-commons-apis Operating systems & Components / Operating system package or component xerces-j2 Operating systems & Components / Operating system package or component xbean Operating systems & Components / Operating system package or component xalan-j2 Operating systems & Components / Operating system package or component wsdl4j Operating systems & Components / Operating system package or component ws-commons-util Operating systems & Components / Operating system package or component will-crash Operating systems & Components / Operating system package or component weld-parent Operating systems & Components / Operating system package or component voms-clients-java Operating systems & Components / Operating system package or component voms-api-java Operating systems & Components / Operating system package or component velocity Operating systems & Components / Operating system package or component vecmath1.2 Operating systems & Components / Operating system package or component univocity-parsers Operating systems & Components / Operating system package or component truth Operating systems & Components / Operating system package or component trilead-ssh2 Operating systems & Components / Operating system package or component treelayout Operating systems & Components / Operating system package or component tomcat-taglibs-parent Operating systems & Components / Operating system package or component tomcat-native Operating systems & Components / Operating system package or component tomcat Operating systems & Components / Operating system package or component testng Operating systems & Components / Operating system package or component tagsoup Operating systems & Components / Operating system package or component t-digest Operating systems & Components / Operating system package or component swing-layout Operating systems & Components / Operating system package or component subversion Operating systems & Components / Operating system package or component string-template-maven-plugin Operating systems & Components / Operating system package or component spice-parent Operating systems & Components / Operating system package or component spec-version-maven-plugin Operating systems & Components / Operating system package or component snip Operating systems & Components / Operating system package or component snakeyaml Operating systems & Components / Operating system package or component slf4j Operating systems & Components / Operating system package or component sisu-mojos Operating systems & Components / Operating system package or component sisu Operating systems & Components / Operating system package or component sequence-library Operating systems & Components / Operating system package or component sdljava Operating systems & Components / Operating system package or component scannotation Operating systems & Components / Operating system package or component scala Operating systems & Components / Operating system package or component sblim-cim-client Operating systems & Components / Operating system package or component sat4j Operating systems & Components / Operating system package or component sac Operating systems & Components / Operating system package or component rundoc Operating systems & Components / Operating system package or component rsyntaxtextarea Operating systems & Components / Operating system package or component rstudio Operating systems & Components / Operating system package or component rhino Operating systems & Components / Operating system package or component replacer Operating systems & Components / Operating system package or component relaxng-datatype-java Operating systems & Components / Operating system package or component regexp Operating systems & Components / Operating system package or component reflections Operating systems & Components / Operating system package or component qdox Operating systems & Components / Operating system package or component python-javaobj Operating systems & Components / Operating system package or component prometheus-simpleclient-java Operating systems & Components / Operating system package or component prometheus-jmx-exporter Operating systems & Components / Operating system package or component proguard Operating systems & Components / Operating system package or component postgresql-jdbc Operating systems & Components / Operating system package or component plexus-xml Operating systems & Components / Operating system package or component plexus-velocity Operating systems & Components / Operating system package or component plexus-utils Operating systems & Components / Operating system package or component plexus-testing Operating systems & Components / Operating system package or component plexus-sec-dispatcher Operating systems & Components / Operating system package or component plexus-resources Operating systems & Components / Operating system package or component plexus-pom Operating systems & Components / Operating system package or component plexus-languages Operating systems & Components / Operating system package or component plexus-io Operating systems & Components / Operating system package or component plexus-interpolation Operating systems & Components / Operating system package or component plexus-i18n Operating systems & Components / Operating system package or component plexus-containers Operating systems & Components / Operating system package or component plexus-components-pom Operating systems & Components / Operating system package or component plexus-compiler Operating systems & Components / Operating system package or component plexus-classworlds Operating systems & Components / Operating system package or component plexus-cipher Operating systems & Components / Operating system package or component plexus-build-api0 Operating systems & Components / Operating system package or component plexus-build-api Operating systems & Components / Operating system package or component plexus-archiver Operating systems & Components / Operating system package or component plantuml Operating systems & Components / Operating system package or component picocli Operating systems & Components / Operating system package or component pentaho-reporting-flow-engine Operating systems & Components / Operating system package or component pentaho-libxml Operating systems & Components / Operating system package or component pdftk-java Operating systems & Components / Operating system package or component pcfi Operating systems & Components / Operating system package or component osgi-core Operating systems & Components / Operating system package or component osgi-compendium Operating systems & Components / Operating system package or component osgi-annotation Operating systems & Components / Operating system package or component options Operating systems & Components / Operating system package or component opentest4j Operating systems & Components / Operating system package or component openni Operating systems & Components / Operating system package or component openjfx8 Operating systems & Components / Operating system package or component openjfx Operating systems & Components / Operating system package or component openjdk-asmtools7 Operating systems & Components / Operating system package or component octave Operating systems & Components / Operating system package or component objenesis Operating systems & Components / Operating system package or component objectweb-asm Operating systems & Components / Operating system package or component nom-tam-fits Operating systems & Components / Operating system package or component nekohtml Operating systems & Components / Operating system package or component naga Operating systems & Components / Operating system package or component mysql-connector-java Operating systems & Components / Operating system package or component mxparser Operating systems & Components / Operating system package or component msv Operating systems & Components / Operating system package or component mojo-parent Operating systems & Components / Operating system package or component mojo-executor Operating systems & Components / Operating system package or component modulemaker-maven-plugin Operating systems & Components / Operating system package or component moditect Operating systems & Components / Operating system package or component modello Operating systems & Components / Operating system package or component mockito Operating systems & Components / Operating system package or component miglayout Operating systems & Components / Operating system package or component mecab-java Operating systems & Components / Operating system package or component maven-wagon Operating systems & Components / Operating system package or component maven-verifier-plugin Operating systems & Components / Operating system package or component maven-verifier Operating systems & Components / Operating system package or component maven-surefire Operating systems & Components / Operating system package or component maven-source-plugin Operating systems & Components / Operating system package or component maven-shared-utils Operating systems & Components / Operating system package or component maven-shared-io Operating systems & Components / Operating system package or component maven-shared-incremental Operating systems & Components / Operating system package or component maven-shade-plugin Operating systems & Components / Operating system package or component maven-resources-plugin Operating systems & Components / Operating system package or component maven-resolver Operating systems & Components / Operating system package or component maven-remote-resources-plugin Operating systems & Components / Operating system package or component maven-plugin-tools Operating systems & Components / Operating system package or component maven-plugin-testing Operating systems & Components / Operating system package or component maven-patch-plugin Operating systems & Components / Operating system package or component maven-parent Operating systems & Components / Operating system package or component maven-native Operating systems & Components / Operating system package or component maven-jar-plugin Operating systems & Components / Operating system package or component maven-filtering Operating systems & Components / Operating system package or component maven-file-management Operating systems & Components / Operating system package or component maven-enforcer Operating systems & Components / Operating system package or component maven-doxia-sitetools Operating systems & Components / Operating system package or component maven-doxia Operating systems & Components / Operating system package or component maven-dependency-tree Operating systems & Components / Operating system package or component maven-dependency-plugin Operating systems & Components / Operating system package or component maven-dependency-analyzer Operating systems & Components / Operating system package or component maven-compiler-plugin Operating systems & Components / Operating system package or component maven-common-artifact-filters Operating systems & Components / Operating system package or component maven-clean-plugin Operating systems & Components / Operating system package or component maven-bundle-plugin Operating systems & Components / Operating system package or component maven-assembly-plugin Operating systems & Components / Operating system package or component maven-artifact-transfer Operating systems & Components / Operating system package or component maven-archiver Operating systems & Components / Operating system package or component maven-antrun-plugin Operating systems & Components / Operating system package or component maven Operating systems & Components / Operating system package or component mariadb-java-client Operating systems & Components / Operating system package or component lucene Operating systems & Components / Operating system package or component log4j Operating systems & Components / Operating system package or component libvirt-java Operating systems & Components / Operating system package or component libserializer Operating systems & Components / Operating system package or component librepository Operating systems & Components / Operating system package or component libreoffice Operating systems & Components / Operating system package or component libloader Operating systems & Components / Operating system package or component liblayout Operating systems & Components / Operating system package or component libformula Operating systems & Components / Operating system package or component libfonts Operating systems & Components / Operating system package or component libbase Operating systems & Components / Operating system package or component ldapjdk Operating systems & Components / Operating system package or component laf-plugin Operating systems & Components / Operating system package or component kawa Operating systems & Components / Operating system package or component jzlib Operating systems & Components / Operating system package or component junit5 Operating systems & Components / Operating system package or component junit Operating systems & Components / Operating system package or component jtidy Operating systems & Components / Operating system package or component jssc Operating systems & Components / Operating system package or component jss Operating systems & Components / Operating system package or component jsr-305 Operating systems & Components / Operating system package or component jsoup Operating systems & Components / Operating system package or component json_simple Operating systems & Components / Operating system package or component jsch-agent-proxy Operating systems & Components / Operating system package or component jsch Operating systems & Components / Operating system package or component jorbis Operating systems & Components / Operating system package or component jolokia-jvm-agent Operating systems & Components / Operating system package or component jol Operating systems & Components / Operating system package or component jni-inchi Operating systems & Components / Operating system package or component jneuroml-core Operating systems & Components / Operating system package or component jna Operating systems & Components / Operating system package or component jmock Operating systems & Components / Operating system package or component jline2 Operating systems & Components / Operating system package or component jigawatts Operating systems & Components / Operating system package or component jgoodies-looks Operating systems & Components / Operating system package or component jgoodies-forms Operating systems & Components / Operating system package or component jgoodies-common Operating systems & Components / Operating system package or component jglobus Operating systems & Components / Operating system package or component jgit Operating systems & Components / Operating system package or component jfreechart Operating systems & Components / Operating system package or component jflex Operating systems & Components / Operating system package or component jetty Operating systems & Components / Operating system package or component jericho-html Operating systems & Components / Operating system package or component jdom2 Operating systems & Components / Operating system package or component jdom Operating systems & Components / Operating system package or component jdepend Operating systems & Components / Operating system package or component jdeparser Operating systems & Components / Operating system package or component jcuber Operating systems & Components / Operating system package or component jctools Operating systems & Components / Operating system package or component jcip-annotations Operating systems & Components / Operating system package or component jchardet Operating systems & Components / Operating system package or component jboss-parent Operating systems & Components / Operating system package or component jboss-logging-tools Operating systems & Components / Operating system package or component jboss-logging Operating systems & Components / Operating system package or component jboss-jaxrs-2.0-api Operating systems & Components / Operating system package or component jblas Operating systems & Components / Operating system package or component jaxen Operating systems & Components / Operating system package or component jaxb-stax-ex Operating systems & Components / Operating system package or component jaxb-istack-commons Operating systems & Components / Operating system package or component jaxb-fi Operating systems & Components / Operating system package or component jaxb-dtd-parser Operating systems & Components / Operating system package or component jaxb-api2 Operating systems & Components / Operating system package or component jaxb-api Operating systems & Components / Operating system package or component jaxb Operating systems & Components / Operating system package or component javassist Operating systems & Components / Operating system package or component javaparser Operating systems & Components / Operating system package or component javapackages-tools Operating systems & Components / Operating system package or component javapackages-bootstrap Operating systems & Components / Operating system package or component javaewah Operating systems & Components / Operating system package or component javacc-maven-plugin Operating systems & Components / Operating system package or component javacc Operating systems & Components / Operating system package or component java_cup Operating systems & Components / Operating system package or component java-scrypt Operating systems & Components / Operating system package or component java-jd-decompiler Operating systems & Components / Operating system package or component java-diff-utils Operating systems & Components / Operating system package or component java-21-openjdk Operating systems & Components / Operating system package or component java-17-openjdk-portable Operating systems & Components / Operating system package or component java-17-openjdk Operating systems & Components / Operating system package or component java-11-openjdk-portable Operating systems & Components / Operating system package or component java-11-openjdk Operating systems & Components / Operating system package or component java-1.8.0-openjdk Operating systems & Components / Operating system package or component jansi1 Operating systems & Components / Operating system package or component jansi-native Operating systems & Components / Operating system package or component jansi Operating systems & Components / Operating system package or component jakarta-xml-ws Operating systems & Components / Operating system package or component jakarta-servlet Operating systems & Components / Operating system package or component jakarta-saaj Operating systems & Components / Operating system package or component jakarta-oro Operating systems & Components / Operating system package or component jakarta-mail Operating systems & Components / Operating system package or component jakarta-json Operating systems & Components / Operating system package or component jakarta-interceptors Operating systems & Components / Operating system package or component jakarta-el Operating systems & Components / Operating system package or component jakarta-annotations Operating systems & Components / Operating system package or component jakarta-activation1 Operating systems & Components / Operating system package or component jakarta-activation Operating systems & Components / Operating system package or component jacop Operating systems & Components / Operating system package or component jackson-parent Operating systems & Components / Operating system package or component jackson-modules-base Operating systems & Components / Operating system package or component jackson-jaxrs-providers Operating systems & Components / Operating system package or component jackson-databind Operating systems & Components / Operating system package or component jackson-core Operating systems & Components / Operating system package or component jackson-bom Operating systems & Components / Operating system package or component jackson-annotations Operating systems & Components / Operating system package or component jFormatString Operating systems & Components / Operating system package or component imagej Operating systems & Components / Operating system package or component icu4j Operating systems & Components / Operating system package or component icedtea-web Operating systems & Components / Operating system package or component icecat Operating systems & Components / Operating system package or component httpcomponents-project Operating systems & Components / Operating system package or component httpcomponents-core Operating systems & Components / Operating system package or component httpcomponents-client Operating systems & Components / Operating system package or component hibernate-jpa-2.0-api Operating systems & Components / Operating system package or component hawtjni Operating systems & Components / Operating system package or component hamcrest Operating systems & Components / Operating system package or component guava Operating systems & Components / Operating system package or component google-guice Operating systems & Components / Operating system package or component gnulib Operating systems & Components / Operating system package or component fusesource-pom Operating systems & Components / Operating system package or component frysk Operating systems & Components / Operating system package or component freerouting Operating systems & Components / Operating system package or component freecol Operating systems & Components / Operating system package or component forge-parent Operating systems & Components / Operating system package or component fop Operating systems & Components / Operating system package or component flute Operating systems & Components / Operating system package or component fishbowl Operating systems & Components / Operating system package or component filedrop Operating systems & Components / Operating system package or component fernflower Operating systems & Components / Operating system package or component felix-utils Operating systems & Components / Operating system package or component felix-parent Operating systems & Components / Operating system package or component fasterxml-oss-parent Operating systems & Components / Operating system package or component extra-enforcer-rules Operating systems & Components / Operating system package or component enjarify Operating systems & Components / Operating system package or component ed25519-java Operating systems & Components / Operating system package or component eclipse-swt Operating systems & Components / Operating system package or component ecj Operating systems & Components / Operating system package or component easymock Operating systems & Components / Operating system package or component dogtag-pki Operating systems & Components / Operating system package or component ditaa Operating systems & Components / Operating system package or component disruptor Operating systems & Components / Operating system package or component dirgra Operating systems & Components / Operating system package or component directory-maven-plugin Operating systems & Components / Operating system package or component diffoscope Operating systems & Components / Operating system package or component decentxml Operating systems & Components / Operating system package or component crypto-policies Operating systems & Components / Operating system package or component cryptlib Operating systems & Components / Operating system package or component cortado Operating systems & Components / Operating system package or component console-image-viewer Operating systems & Components / Operating system package or component colossus Operating systems & Components / Operating system package or component codehaus-parent Operating systems & Components / Operating system package or component clojure-spec-alpha Operating systems & Components / Operating system package or component clojure-maven-plugin Operating systems & Components / Operating system package or component clojure-core-specs-alpha Operating systems & Components / Operating system package or component clojure Operating systems & Components / Operating system package or component classloader-leak-test-framework Operating systems & Components / Operating system package or component chromium Operating systems & Components / Operating system package or component cglib Operating systems & Components / Operating system package or component ceph Operating systems & Components / Operating system package or component cdi-api Operating systems & Components / Operating system package or component canl-java Operating systems & Components / Operating system package or component cambozola Operating systems & Components / Operating system package or component byteman Operating systems & Components / Operating system package or component byte-buddy Operating systems & Components / Operating system package or component build-helper-maven-plugin Operating systems & Components / Operating system package or component bsh Operating systems & Components / Operating system package or component bsf Operating systems & Components / Operating system package or component brazil Operating systems & Components / Operating system package or component bouncycastle Operating systems & Components / Operating system package or component bolzplatz2006 Operating systems & Components / Operating system package or component beust-jcommander Operating systems & Components / Operating system package or component beansbinding Operating systems & Components / Operating system package or component bcel Operating systems & Components / Operating system package or component batik Operating systems & Components / Operating system package or component auto Operating systems & Components / Operating system package or component atinject Operating systems & Components / Operating system package or component assertj-core Operating systems & Components / Operating system package or component args4j Operating systems & Components / Operating system package or component aqute-bnd Operating systems & Components / Operating system package or component apiguardian Operating systems & Components / Operating system package or component apache-resource-bundles Operating systems & Components / Operating system package or component apache-parent Operating systems & Components / Operating system package or component apache-ivy Operating systems & Components / Operating system package or component apache-commons-vfs Operating systems & Components / Operating system package or component apache-commons-text Operating systems & Components / Operating system package or component apache-commons-pool Operating systems & Components / Operating system package or component apache-commons-parent Operating systems & Components / Operating system package or component apache-commons-net Operating systems & Components / Operating system package or component apache-commons-modeler Operating systems & Components / Operating system package or component apache-commons-math Operating systems & Components / Operating system package or component apache-commons-logging Operating systems & Components / Operating system package or component apache-commons-lang3 Operating systems & Components / Operating system package or component apache-commons-jxpath Operating systems & Components / Operating system package or component apache-commons-io Operating systems & Components / Operating system package or component apache-commons-exec Operating systems & Components / Operating system package or component apache-commons-digester Operating systems & Components / Operating system package or component apache-commons-compress Operating systems & Components / Operating system package or component apache-commons-collections4 Operating systems & Components / Operating system package or component apache-commons-collections Operating systems & Components / Operating system package or component apache-commons-codec Operating systems & Components / Operating system package or component apache-commons-cli Operating systems & Components / Operating system package or component apache-commons-beanutils Operating systems & Components / Operating system package or component aopalliance Operating systems & Components / Operating system package or component antlrworks Operating systems & Components / Operating system package or component antlr3 Operating systems & Components / Operating system package or component antlr Operating systems & Components / Operating system package or component ant-antunit Operating systems & Components / Operating system package or component ant Operating systems & Components / Operating system package or component R-rJava Operating systems & Components / Operating system package or component OpenStego Operating systems & Components / Operating system package or component Mars Operating systems & Components / Operating system package or component IPAddress Operating systems & Components / Operating system package or component CardManager Operating systems & Components / Operating system package or component CFR Operating systems & Components / Operating system package or component BareBonesBrowserLaunch Operating systems & Components / Operating system package or component |
Vendor | Fedoraproject |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU86857
Risk: High
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-1938
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 40
xz-java: before 1.9-10.fc40
xstream: before 1.4.20-6.fc40
xmvn-generator: before 1.2.2-3.fc40
xmvn-connector-ivy: before 4.0.0-3.fc40
xmvn: before 4.2.0-8.fc40
xmlunit: before 2.9.0-11.fc40
xmlstreambuffer: before 2.1.0-5.fc40
xmlpull: before 1.2.0-9.fc40
xmlgraphics-commons: before 2.9-3.fc40
xml-maven-plugin: before 1.1.0-3.fc40
xml-commons-resolver: before 1.2-44.fc40
xml-commons-apis: before 1.4.01-46.fc40
xerces-j2: before 2.12.2-10.fc40
xbean: before 4.24-3.fc40
xalan-j2: before 2.7.3-3.fc40
wsdl4j: before 1.6.3-30.fc40
ws-commons-util: before 1.0.2-24.fc40
will-crash: before 0.13.5-6.fc40
weld-parent: before 46-7.fc40
voms-clients-java: before 3.3.2-13.fc40
voms-api-java: before 3.3.2-16.fc40
velocity: before 2.3-5.fc40
vecmath1.2: before 1.14-36.fc40
univocity-parsers: before 2.9.1-13.fc40
truth: before 1.0.1-11.fc40
trilead-ssh2: before 217.21-13.fc40
treelayout: before 1.0.3-23.fc40
tomcat-taglibs-parent: before 3-24.fc40
tomcat-native: before 1.2.36-4.fc40
tomcat: before 9.0.83-3.fc40
testng: before 7.8.0-5.fc40
tagsoup: before 1.2.1-32.fc40
t-digest: before 3.2-8.fc40
swing-layout: before 1.0.4-30.fc40
subversion: before 1.14.3-5.fc40
string-template-maven-plugin: before 1.1-13.fc40
spice-parent: before 26-24.fc40
spec-version-maven-plugin: before 2.2-3.fc40
snip: before 0.11-25.fc40
snakeyaml: before 1.33-3.fc40
slf4j: before 1.7.32-12.fc40
sisu-mojos: before 0.9.0~M2-4.fc40
sisu: before 0.3.5-13.fc40
sequence-library: before 1.0.3-18.fc40
sdljava: before 0.9.1-62.fc40
scannotation: before 1.0.3-0.33.r12.fc40
scala: before 2.13.12-7.fc40
sblim-cim-client: before 1.3.9.3-34.fc40
sat4j: before 2.3.5-30.fc40
sac: before 1.3-46.fc40
rundoc: before 0.11-25.fc40
rsyntaxtextarea: before 3.1.3-11.fc40
rstudio: before 2023.12.1+402-2.fc40
rhino: before 1.7.14-10.fc40
replacer: before 1.6-30.fc40
relaxng-datatype-java: before 2011.1-4.fc40
regexp: before 1.5-48.fc40
reflections: before 0.9.12-17.fc40
qdox: before 2.1.0-3.fc40
python-javaobj: before 0.4.3-12.fc40
prometheus-simpleclient-java: before 0.12.0-11.fc40
prometheus-jmx-exporter: before 0.16.1-13.fc40
proguard: before 6.2.2-5.fc40
postgresql-jdbc: before 42.7.1-4.fc40
plexus-xml: before 3.0.0-2.fc40
plexus-velocity: before 2.0-6.fc40
plexus-utils: before 3.5.1-8.fc40
plexus-testing: before 1.3.0-2.fc40
plexus-sec-dispatcher: before 2.0-14.fc40
plexus-resources: before 1.3.0-4.fc40
plexus-pom: before 16-3.fc40
plexus-languages: before 1.2.0-6.fc40
plexus-io: before 3.4.2-3.fc40
plexus-interpolation: before 1.27-3.fc40
plexus-i18n: before 1.0-0.31.b10.4.fc40
plexus-containers: before 2.2.0-3.fc40
plexus-components-pom: before 14.2-5.fc40
plexus-compiler: before 2.14.2-3.fc40
plexus-classworlds: before 2.8.0-3.fc40
plexus-cipher: before 2.0-11.fc40
plexus-build-api0: before 0.0.7-44.fc40
plexus-build-api: before 1.2.0-6.fc40
plexus-archiver: before 4.9.1-3.fc40
plantuml: before 1.2024.3-3.fc40
picocli: before 4.7.4-5.fc40
pentaho-reporting-flow-engine: before 0.9.4-35.fc40
pentaho-libxml: before 1.1.3-42.fc40
pdftk-java: before 3.3.3-6.fc40
pcfi: before 2010.08.09-30.20111103gitbd245c9.fc40
osgi-core: before 8.0.0-13.fc40
osgi-compendium: before 7.0.0-20.fc40
osgi-annotation: before 8.1.0-6.fc40
options: before 1.7-10.fc40
opentest4j: before 1.3.0-6.fc40
openni: before 1.5.7.10-33.fc40
openjfx8: before 8.0.202-40.b07.fc40
openjfx: before 17.0.11.0-2.fc40
openjdk-asmtools7: before 7.0.b10-0.11.20210610.gitf40a2c0.fc40
octave: before 8.4.0-6.fc40
objenesis: before 3.3-9.fc40
objectweb-asm: before 9.6-5.fc40
nom-tam-fits: before 1.15.2-22.fc40
nekohtml: before 1.9.22-26.fc40
naga: before 3.0-26.20200930git6f1e95d.fc40
mysql-connector-java: before 8.0.30-6.fc40
mxparser: before 1.2.2-10.fc40
msv: before 2022.7-4.fc40
mojo-parent: before 78-3.fc40
mojo-executor: before 2.4.0-9.fc40
modulemaker-maven-plugin: before 1.11-1.fc40
moditect: before 1.1.0-2.fc40
modello: before 2.1.2-6.fc40
mockito: before 5.8.0-5.fc40
miglayout: before 5.0-4.fc40
mecab-java: before 0.996-8.fc40
maven-wagon: before 3.5.3-7.fc40
maven-verifier-plugin: before 1.1-6.fc40
maven-verifier: before 2.0.0~M1-7.fc40
maven-surefire: before 3.2.2-5.fc40
maven-source-plugin: before 3.3.0-6.fc40
maven-shared-utils: before 3.4.2-7.fc40
maven-shared-io: before 3.0.0-25.fc40
maven-shared-incremental: before 1.1-33.fc40
maven-shade-plugin: before 3.5.1-4.fc40
maven-resources-plugin: before 3.3.1-6.fc40
maven-resolver: before 1.9.18-3.fc40
maven-remote-resources-plugin: before 3.1.0-6.fc40
maven-plugin-tools: before 3.9.0-6.fc40
maven-plugin-testing: before 3.3.0-33.fc40
maven-patch-plugin: before 1.2-27.fc40
maven-parent: before 41-5.fc40
maven-native: before 1.0-0.18.alpha.11.fc40
maven-jar-plugin: before 3.3.0-6.fc40
maven-filtering: before 3.3.1-6.fc40
maven-file-management: before 3.1.0-6.fc40
maven-enforcer: before 3.4.1-3.fc40
maven-doxia-sitetools: before 1.11.1-10.fc40
maven-doxia: before 1.12.0-7.fc40
maven-dependency-tree: before 3.2.1-6.fc40
maven-dependency-plugin: before 3.6.1-3.fc40
maven-dependency-analyzer: before 1.13.2-6.fc40
maven-compiler-plugin: before 3.12.1-3.fc40
maven-common-artifact-filters: before 3.3.2-6.fc40
maven-clean-plugin: before 3.3.2-4.fc40
maven-bundle-plugin: before 5.1.9-5.fc40
maven-assembly-plugin: before 3.6.0-6.fc40
maven-artifact-transfer: before 0.13.1-14.fc40
maven-archiver: before 3.6.1-6.fc40
maven-antrun-plugin: before 3.1.0-9.fc40
maven: before 3.9.6-5.fc40
mariadb-java-client: before 3.3.2-4.fc40
lucene: before 9.9.2-2.fc40
log4j: before 2.20.0-7.fc40
libvirt-java: before 0.4.9-29.fc40
libserializer: before 1.1.2-42.fc40
librepository: before 1.1.3-43.fc40
libreoffice: before 24.2.1.1-3.fc40
libloader: before 1.1.3-44.fc40
liblayout: before 0.2.10-36.fc40
libformula: before 1.1.3-43.fc40
libfonts: before 1.1.3-46.fc40
libbase: before 1.1.3-42.fc40
ldapjdk: before 5.5.0-2.fc40
laf-plugin: before 1.0-35.fc40
kawa: before 3.1.1-19.fc40
jzlib: before 1.1.3-30.fc40
junit5: before 5.10.2-3.fc40
junit: before 4.13.2-6.fc40
jtidy: before 1.0-0.45.20100930svn1125.fc40
jssc: before 2.8.0-30.fc40
jss: before 5.5.0-1.fc40.1
jsr-305: before 3.0.2-15.fc40
jsoup: before 1.17.2-2.fc40
json_simple: before 1.1.1-34.fc40
jsch-agent-proxy: before 0.0.8-25.fc40
jsch: before 0.1.55-16.fc40
jorbis: before 0.0.17-34.fc40
jolokia-jvm-agent: before 1.6.2-17.fc40
jol: before 0.17-5.fc40
jni-inchi: before 0.8-11.fc40
jneuroml-core: before 1.6.1-14.fc40
jna: before 5.14.0-4.fc40
jmock: before 2.12.0-16.fc40
jline2: before 2.14.6-12.fc40
jigawatts: before 0.2-0.12.202108276c78499.fc40
jgoodies-looks: before 2.7.0-11.fc40
jgoodies-forms: before 1.9.0-11.fc40
jgoodies-common: before 1.8.1-21.fc40
jglobus: before 2.1.0-35.fc40
jgit: before 6.1.0-9.fc40
jfreechart: before 1.5.4-5.fc40
jflex: before 1.7.0-18.fc40
jetty: before 9.4.40-11.fc40
jericho-html: before 3.3-30.fc40
jdom2: before 2.0.6.1-7.fc40
jdom: before 1.1.3-37.fc40
jdepend: before 2.10-10.fc40
jdeparser: before 2.0.3-17.fc40
jcuber: before 4.8-6.fc40
jctools: before 4.0.2-3.fc40
jcip-annotations: before 1-43.20060626.fc40
jchardet: before 1.1-34.fc40
jboss-parent: before 20-21.fc40
jboss-logging-tools: before 2.2.1-17.fc40
jboss-logging: before 3.5.3-5.fc40
jboss-jaxrs-2.0-api: before 1.0.0-27.fc40
jblas: before 1.2.5-15.fc40
jaxen: before 1.2.0-17.fc40
jaxb-stax-ex: before 2.1.0-8.fc40
jaxb-istack-commons: before 4.2.0-8.fc40
jaxb-fi: before 2.1.1-5.fc40
jaxb-dtd-parser: before 1.5.1-5.fc40
jaxb-api2: before 2.3.3-10.fc40
jaxb-api: before 4.0.1-5.fc40
jaxb: before 4.0.4-6.fc40
javassist: before 3.30.2-4.fc40
javaparser: before 3.25.8-3.fc40
javapackages-tools: before 6.2.0-9.fc40
javapackages-bootstrap: before 1.16.0-3.fc40
javaewah: before 1.1.13-10.fc40
javacc-maven-plugin: before 3.1.0-1.fc40
javacc: before 7.0.13-5.fc40
java_cup: before 0.11b-29.fc40
java-scrypt: before 1.4.0-24.fc40
java-jd-decompiler: before 1.1.3-8.fc40
java-diff-utils: before 4.12-7.fc40
java-21-openjdk: before 21.0.2.0.13-2.fc40
java-17-openjdk-portable: before 17.0.10.0.7-1.fc40.1
java-17-openjdk: before 17.0.10.0.7-2.fc40
java-11-openjdk-portable: before 11.0.22.0.7-1.fc40.1
java-11-openjdk: before 11.0.22.0.7-1.fc40.1
java-1.8.0-openjdk: before 1.8.0.402.b06-1.fc40.1
jansi1: before 1.18-21.fc40
jansi-native: before 1.8-18.fc40
jansi: before 2.4.1-3.fc40
jakarta-xml-ws: before 4.0.0-6.fc40
jakarta-servlet: before 5.0.0-18.fc40
jakarta-saaj: before 3.0.0-6.fc40
jakarta-oro: before 2.0.8-44.fc40
jakarta-mail: before 2.1.2-5.fc40
jakarta-json: before 2.1.3-4.fc40
jakarta-interceptors: before 2.0.0-12.fc40
jakarta-el: before 4.0.0-14.fc40
jakarta-annotations: before 1.3.5-22.fc40
jakarta-activation1: before 1.2.2-13.fc40
jakarta-activation: before 2.1.2-6.fc40
jacop: before 4.9.0-5.fc40
jackson-parent: before 2.16-4.fc40
jackson-modules-base: before 2.16.1-3.fc40
jackson-jaxrs-providers: before 2.16.1-3.fc40
jackson-databind: before 2.16.1-4.fc40
jackson-core: before 2.16.1-4.fc40
jackson-bom: before 2.16.1-3.fc40
jackson-annotations: before 2.16.1-3.fc40
jFormatString: before 0-0.49.20131227gitf159b88.fc40
imagej: before 1.54h-4.fc40
icu4j: before 74.2-4.fc40
icedtea-web: before 1.8.8-5.fc40
icecat: before 115.8.0-2.rh1.fc40
httpcomponents-project: before 13-6.fc40
httpcomponents-core: before 4.4.16-8.fc40
httpcomponents-client: before 4.5.14-8.fc40
hibernate-jpa-2.0-api: before 1.0.1-40.fc40
hawtjni: before 1.18-12.fc40
hamcrest: before 2.2-16.fc40
guava: before 32.1.3-5.fc40
google-guice: before 5.1.0-11.fc40
gnulib: before 0-50.20230709git.fc40
fusesource-pom: before 1.12-18.fc40
frysk: before 0.4-94.fc40
freerouting: before 1.3.1-17.fc40
freecol: before 1.1.0-4.fc40
forge-parent: before 38-28.fc40
fop: before 2.9-6.fc40
flute: before 1.3.0-37.OOo31.fc40
fishbowl: before 1.4.1-9.fc40
filedrop: before 1.1-24.fc40
fernflower: before 211.7442.40-11.fc40
felix-utils: before 1.11.8-9.fc40
felix-parent: before 8-5.fc40
fasterxml-oss-parent: before 58-2.fc40
extra-enforcer-rules: before 1.7.0-6.fc40
enjarify: before 1.0.3-35.fc40
ed25519-java: before 0.3.0-21.fc40
eclipse-swt: before 4.29-4.fc40
ecj: before 4.23-9.fc40
easymock: before 4.3-8.fc40
dogtag-pki: before 11.5.0-1.fc40.1
ditaa: before 0.10-24.fc40
disruptor: before 3.4.4-11.fc40
dirgra: before 0.4-12.fc40
directory-maven-plugin: before 0.3.1-15.fc40
diffoscope: before 257-2.fc40
decentxml: before 1.4-35.fc40
crypto-policies: before 20240201-2.git9f501f3.fc40
cryptlib: before 3.4.7-5.fc40
cortado: before 0.6.0-32.fc40
console-image-viewer: before 1.2-24.fc40
colossus: before 0.14.0-27.fc40
codehaus-parent: before 4-30.fc40
clojure-spec-alpha: before 0.3.218-8.fc40
clojure-maven-plugin: before 1.9.2-6.fc40
clojure-core-specs-alpha: before 0.2.62-8.fc40
clojure: before 1.11.1-8.fc40
classloader-leak-test-framework: before 2.7.0-8.fc40
chromium: before 122.0.6261.94-2.fc40
cglib: before 3.3.0-15.fc40
ceph: before 18.2.1-10.fc40
cdi-api: before 2.0.2-14.fc40
canl-java: before 2.8.3-5.fc40
cambozola: before 0.936-24.fc40
byteman: before 4.0.16-13.fc40
byte-buddy: before 1.14.2-8.fc40
build-helper-maven-plugin: before 3.5.0-4.fc40
bsh: before 2.1.0-12.fc40
bsf: before 2.4.0-54.fc40
brazil: before 2.3-36.fc40
bouncycastle: before 1.70-13.fc40
bolzplatz2006: before 1.0.3-58.fc40
beust-jcommander: before 1.82-9.fc40
beansbinding: before 1.2.1-36.fc40
bcel: before 6.8.1-3.fc40
batik: before 1.14-13.fc40
auto: before 1.6.1-10.fc40
atinject: before 1.0.5-12.fc40
assertj-core: before 3.24.2-8.fc40
args4j: before 2.33-26.fc40
aqute-bnd: before 6.3.1-10.fc40
apiguardian: before 1.1.2-12.fc40
apache-resource-bundles: before 1.5-7.fc40
apache-parent: before 31-5.fc40
apache-ivy: before 2.5.2-4.fc40
apache-commons-vfs: before 2.9.0-5.fc40
apache-commons-text: before 1.10.0-6.fc40
apache-commons-pool: before 1.6-37.fc40
apache-commons-parent: before 66-3.fc40
apache-commons-net: before 3.10.0-5.fc40
apache-commons-modeler: before 2.0.1-40.fc40
apache-commons-math: before 3.6.1-18.fc40
apache-commons-logging: before 1.3.0-5.fc40
apache-commons-lang3: before 3.14.0-5.fc40
apache-commons-jxpath: before 1.3-52.fc40
apache-commons-io: before 2.13.0-8.fc40
apache-commons-exec: before 1.3-31.fc40
apache-commons-digester: before 2.1-30.fc40
apache-commons-compress: before 1.25.0-5.fc40
apache-commons-collections4: before 4.4-15.fc40
apache-commons-collections: before 3.2.2-36.fc40
apache-commons-codec: before 1.16.0-7.fc40
apache-commons-cli: before 1.6.0-5.fc40
apache-commons-beanutils: before 1.9.4-19.fc40
aopalliance: before 1.0-39.fc40
antlrworks: before 1.5.2-29.fc40
antlr3: before 3.5.3-10.fc40
antlr: before 2.7.7-77.fc40
ant-antunit: before 1.4.1-11.fc40
ant: before 1.10.14-10.fc40
R-rJava: before 1.0.6-9.fc40
OpenStego: before 0.7.4-12.fc40
Mars: before 4.5-26.fc40
IPAddress: before 5.2.1-17.fc40
CardManager: before 3-29.fc40
CFR: before 0.151-16.fc40
BareBonesBrowserLaunch: before 3.1-33.fc40
CPE2.3https://bodhi.fedoraproject.org/updates/FEDORA-2024-129d8ca6fc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU86858
Risk: High
CVSSv4.0: 7.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2024-1939
CWE-ID:
CWE-843 - Type confusion
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error within the V8 engine. A remote attacker can trick the victim to visit a specially crafted webpage, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall updates from vendor's repository.
Vulnerable software versionsFedora: 40
xz-java: before 1.9-10.fc40
xstream: before 1.4.20-6.fc40
xmvn-generator: before 1.2.2-3.fc40
xmvn-connector-ivy: before 4.0.0-3.fc40
xmvn: before 4.2.0-8.fc40
xmlunit: before 2.9.0-11.fc40
xmlstreambuffer: before 2.1.0-5.fc40
xmlpull: before 1.2.0-9.fc40
xmlgraphics-commons: before 2.9-3.fc40
xml-maven-plugin: before 1.1.0-3.fc40
xml-commons-resolver: before 1.2-44.fc40
xml-commons-apis: before 1.4.01-46.fc40
xerces-j2: before 2.12.2-10.fc40
xbean: before 4.24-3.fc40
xalan-j2: before 2.7.3-3.fc40
wsdl4j: before 1.6.3-30.fc40
ws-commons-util: before 1.0.2-24.fc40
will-crash: before 0.13.5-6.fc40
weld-parent: before 46-7.fc40
voms-clients-java: before 3.3.2-13.fc40
voms-api-java: before 3.3.2-16.fc40
velocity: before 2.3-5.fc40
vecmath1.2: before 1.14-36.fc40
univocity-parsers: before 2.9.1-13.fc40
truth: before 1.0.1-11.fc40
trilead-ssh2: before 217.21-13.fc40
treelayout: before 1.0.3-23.fc40
tomcat-taglibs-parent: before 3-24.fc40
tomcat-native: before 1.2.36-4.fc40
tomcat: before 9.0.83-3.fc40
testng: before 7.8.0-5.fc40
tagsoup: before 1.2.1-32.fc40
t-digest: before 3.2-8.fc40
swing-layout: before 1.0.4-30.fc40
subversion: before 1.14.3-5.fc40
string-template-maven-plugin: before 1.1-13.fc40
spice-parent: before 26-24.fc40
spec-version-maven-plugin: before 2.2-3.fc40
snip: before 0.11-25.fc40
snakeyaml: before 1.33-3.fc40
slf4j: before 1.7.32-12.fc40
sisu-mojos: before 0.9.0~M2-4.fc40
sisu: before 0.3.5-13.fc40
sequence-library: before 1.0.3-18.fc40
sdljava: before 0.9.1-62.fc40
scannotation: before 1.0.3-0.33.r12.fc40
scala: before 2.13.12-7.fc40
sblim-cim-client: before 1.3.9.3-34.fc40
sat4j: before 2.3.5-30.fc40
sac: before 1.3-46.fc40
rundoc: before 0.11-25.fc40
rsyntaxtextarea: before 3.1.3-11.fc40
rstudio: before 2023.12.1+402-2.fc40
rhino: before 1.7.14-10.fc40
replacer: before 1.6-30.fc40
relaxng-datatype-java: before 2011.1-4.fc40
regexp: before 1.5-48.fc40
reflections: before 0.9.12-17.fc40
qdox: before 2.1.0-3.fc40
python-javaobj: before 0.4.3-12.fc40
prometheus-simpleclient-java: before 0.12.0-11.fc40
prometheus-jmx-exporter: before 0.16.1-13.fc40
proguard: before 6.2.2-5.fc40
postgresql-jdbc: before 42.7.1-4.fc40
plexus-xml: before 3.0.0-2.fc40
plexus-velocity: before 2.0-6.fc40
plexus-utils: before 3.5.1-8.fc40
plexus-testing: before 1.3.0-2.fc40
plexus-sec-dispatcher: before 2.0-14.fc40
plexus-resources: before 1.3.0-4.fc40
plexus-pom: before 16-3.fc40
plexus-languages: before 1.2.0-6.fc40
plexus-io: before 3.4.2-3.fc40
plexus-interpolation: before 1.27-3.fc40
plexus-i18n: before 1.0-0.31.b10.4.fc40
plexus-containers: before 2.2.0-3.fc40
plexus-components-pom: before 14.2-5.fc40
plexus-compiler: before 2.14.2-3.fc40
plexus-classworlds: before 2.8.0-3.fc40
plexus-cipher: before 2.0-11.fc40
plexus-build-api0: before 0.0.7-44.fc40
plexus-build-api: before 1.2.0-6.fc40
plexus-archiver: before 4.9.1-3.fc40
plantuml: before 1.2024.3-3.fc40
picocli: before 4.7.4-5.fc40
pentaho-reporting-flow-engine: before 0.9.4-35.fc40
pentaho-libxml: before 1.1.3-42.fc40
pdftk-java: before 3.3.3-6.fc40
pcfi: before 2010.08.09-30.20111103gitbd245c9.fc40
osgi-core: before 8.0.0-13.fc40
osgi-compendium: before 7.0.0-20.fc40
osgi-annotation: before 8.1.0-6.fc40
options: before 1.7-10.fc40
opentest4j: before 1.3.0-6.fc40
openni: before 1.5.7.10-33.fc40
openjfx8: before 8.0.202-40.b07.fc40
openjfx: before 17.0.11.0-2.fc40
openjdk-asmtools7: before 7.0.b10-0.11.20210610.gitf40a2c0.fc40
octave: before 8.4.0-6.fc40
objenesis: before 3.3-9.fc40
objectweb-asm: before 9.6-5.fc40
nom-tam-fits: before 1.15.2-22.fc40
nekohtml: before 1.9.22-26.fc40
naga: before 3.0-26.20200930git6f1e95d.fc40
mysql-connector-java: before 8.0.30-6.fc40
mxparser: before 1.2.2-10.fc40
msv: before 2022.7-4.fc40
mojo-parent: before 78-3.fc40
mojo-executor: before 2.4.0-9.fc40
modulemaker-maven-plugin: before 1.11-1.fc40
moditect: before 1.1.0-2.fc40
modello: before 2.1.2-6.fc40
mockito: before 5.8.0-5.fc40
miglayout: before 5.0-4.fc40
mecab-java: before 0.996-8.fc40
maven-wagon: before 3.5.3-7.fc40
maven-verifier-plugin: before 1.1-6.fc40
maven-verifier: before 2.0.0~M1-7.fc40
maven-surefire: before 3.2.2-5.fc40
maven-source-plugin: before 3.3.0-6.fc40
maven-shared-utils: before 3.4.2-7.fc40
maven-shared-io: before 3.0.0-25.fc40
maven-shared-incremental: before 1.1-33.fc40
maven-shade-plugin: before 3.5.1-4.fc40
maven-resources-plugin: before 3.3.1-6.fc40
maven-resolver: before 1.9.18-3.fc40
maven-remote-resources-plugin: before 3.1.0-6.fc40
maven-plugin-tools: before 3.9.0-6.fc40
maven-plugin-testing: before 3.3.0-33.fc40
maven-patch-plugin: before 1.2-27.fc40
maven-parent: before 41-5.fc40
maven-native: before 1.0-0.18.alpha.11.fc40
maven-jar-plugin: before 3.3.0-6.fc40
maven-filtering: before 3.3.1-6.fc40
maven-file-management: before 3.1.0-6.fc40
maven-enforcer: before 3.4.1-3.fc40
maven-doxia-sitetools: before 1.11.1-10.fc40
maven-doxia: before 1.12.0-7.fc40
maven-dependency-tree: before 3.2.1-6.fc40
maven-dependency-plugin: before 3.6.1-3.fc40
maven-dependency-analyzer: before 1.13.2-6.fc40
maven-compiler-plugin: before 3.12.1-3.fc40
maven-common-artifact-filters: before 3.3.2-6.fc40
maven-clean-plugin: before 3.3.2-4.fc40
maven-bundle-plugin: before 5.1.9-5.fc40
maven-assembly-plugin: before 3.6.0-6.fc40
maven-artifact-transfer: before 0.13.1-14.fc40
maven-archiver: before 3.6.1-6.fc40
maven-antrun-plugin: before 3.1.0-9.fc40
maven: before 3.9.6-5.fc40
mariadb-java-client: before 3.3.2-4.fc40
lucene: before 9.9.2-2.fc40
log4j: before 2.20.0-7.fc40
libvirt-java: before 0.4.9-29.fc40
libserializer: before 1.1.2-42.fc40
librepository: before 1.1.3-43.fc40
libreoffice: before 24.2.1.1-3.fc40
libloader: before 1.1.3-44.fc40
liblayout: before 0.2.10-36.fc40
libformula: before 1.1.3-43.fc40
libfonts: before 1.1.3-46.fc40
libbase: before 1.1.3-42.fc40
ldapjdk: before 5.5.0-2.fc40
laf-plugin: before 1.0-35.fc40
kawa: before 3.1.1-19.fc40
jzlib: before 1.1.3-30.fc40
junit5: before 5.10.2-3.fc40
junit: before 4.13.2-6.fc40
jtidy: before 1.0-0.45.20100930svn1125.fc40
jssc: before 2.8.0-30.fc40
jss: before 5.5.0-1.fc40.1
jsr-305: before 3.0.2-15.fc40
jsoup: before 1.17.2-2.fc40
json_simple: before 1.1.1-34.fc40
jsch-agent-proxy: before 0.0.8-25.fc40
jsch: before 0.1.55-16.fc40
jorbis: before 0.0.17-34.fc40
jolokia-jvm-agent: before 1.6.2-17.fc40
jol: before 0.17-5.fc40
jni-inchi: before 0.8-11.fc40
jneuroml-core: before 1.6.1-14.fc40
jna: before 5.14.0-4.fc40
jmock: before 2.12.0-16.fc40
jline2: before 2.14.6-12.fc40
jigawatts: before 0.2-0.12.202108276c78499.fc40
jgoodies-looks: before 2.7.0-11.fc40
jgoodies-forms: before 1.9.0-11.fc40
jgoodies-common: before 1.8.1-21.fc40
jglobus: before 2.1.0-35.fc40
jgit: before 6.1.0-9.fc40
jfreechart: before 1.5.4-5.fc40
jflex: before 1.7.0-18.fc40
jetty: before 9.4.40-11.fc40
jericho-html: before 3.3-30.fc40
jdom2: before 2.0.6.1-7.fc40
jdom: before 1.1.3-37.fc40
jdepend: before 2.10-10.fc40
jdeparser: before 2.0.3-17.fc40
jcuber: before 4.8-6.fc40
jctools: before 4.0.2-3.fc40
jcip-annotations: before 1-43.20060626.fc40
jchardet: before 1.1-34.fc40
jboss-parent: before 20-21.fc40
jboss-logging-tools: before 2.2.1-17.fc40
jboss-logging: before 3.5.3-5.fc40
jboss-jaxrs-2.0-api: before 1.0.0-27.fc40
jblas: before 1.2.5-15.fc40
jaxen: before 1.2.0-17.fc40
jaxb-stax-ex: before 2.1.0-8.fc40
jaxb-istack-commons: before 4.2.0-8.fc40
jaxb-fi: before 2.1.1-5.fc40
jaxb-dtd-parser: before 1.5.1-5.fc40
jaxb-api2: before 2.3.3-10.fc40
jaxb-api: before 4.0.1-5.fc40
jaxb: before 4.0.4-6.fc40
javassist: before 3.30.2-4.fc40
javaparser: before 3.25.8-3.fc40
javapackages-tools: before 6.2.0-9.fc40
javapackages-bootstrap: before 1.16.0-3.fc40
javaewah: before 1.1.13-10.fc40
javacc-maven-plugin: before 3.1.0-1.fc40
javacc: before 7.0.13-5.fc40
java_cup: before 0.11b-29.fc40
java-scrypt: before 1.4.0-24.fc40
java-jd-decompiler: before 1.1.3-8.fc40
java-diff-utils: before 4.12-7.fc40
java-21-openjdk: before 21.0.2.0.13-2.fc40
java-17-openjdk-portable: before 17.0.10.0.7-1.fc40.1
java-17-openjdk: before 17.0.10.0.7-2.fc40
java-11-openjdk-portable: before 11.0.22.0.7-1.fc40.1
java-11-openjdk: before 11.0.22.0.7-1.fc40.1
java-1.8.0-openjdk: before 1.8.0.402.b06-1.fc40.1
jansi1: before 1.18-21.fc40
jansi-native: before 1.8-18.fc40
jansi: before 2.4.1-3.fc40
jakarta-xml-ws: before 4.0.0-6.fc40
jakarta-servlet: before 5.0.0-18.fc40
jakarta-saaj: before 3.0.0-6.fc40
jakarta-oro: before 2.0.8-44.fc40
jakarta-mail: before 2.1.2-5.fc40
jakarta-json: before 2.1.3-4.fc40
jakarta-interceptors: before 2.0.0-12.fc40
jakarta-el: before 4.0.0-14.fc40
jakarta-annotations: before 1.3.5-22.fc40
jakarta-activation1: before 1.2.2-13.fc40
jakarta-activation: before 2.1.2-6.fc40
jacop: before 4.9.0-5.fc40
jackson-parent: before 2.16-4.fc40
jackson-modules-base: before 2.16.1-3.fc40
jackson-jaxrs-providers: before 2.16.1-3.fc40
jackson-databind: before 2.16.1-4.fc40
jackson-core: before 2.16.1-4.fc40
jackson-bom: before 2.16.1-3.fc40
jackson-annotations: before 2.16.1-3.fc40
jFormatString: before 0-0.49.20131227gitf159b88.fc40
imagej: before 1.54h-4.fc40
icu4j: before 74.2-4.fc40
icedtea-web: before 1.8.8-5.fc40
icecat: before 115.8.0-2.rh1.fc40
httpcomponents-project: before 13-6.fc40
httpcomponents-core: before 4.4.16-8.fc40
httpcomponents-client: before 4.5.14-8.fc40
hibernate-jpa-2.0-api: before 1.0.1-40.fc40
hawtjni: before 1.18-12.fc40
hamcrest: before 2.2-16.fc40
guava: before 32.1.3-5.fc40
google-guice: before 5.1.0-11.fc40
gnulib: before 0-50.20230709git.fc40
fusesource-pom: before 1.12-18.fc40
frysk: before 0.4-94.fc40
freerouting: before 1.3.1-17.fc40
freecol: before 1.1.0-4.fc40
forge-parent: before 38-28.fc40
fop: before 2.9-6.fc40
flute: before 1.3.0-37.OOo31.fc40
fishbowl: before 1.4.1-9.fc40
filedrop: before 1.1-24.fc40
fernflower: before 211.7442.40-11.fc40
felix-utils: before 1.11.8-9.fc40
felix-parent: before 8-5.fc40
fasterxml-oss-parent: before 58-2.fc40
extra-enforcer-rules: before 1.7.0-6.fc40
enjarify: before 1.0.3-35.fc40
ed25519-java: before 0.3.0-21.fc40
eclipse-swt: before 4.29-4.fc40
ecj: before 4.23-9.fc40
easymock: before 4.3-8.fc40
dogtag-pki: before 11.5.0-1.fc40.1
ditaa: before 0.10-24.fc40
disruptor: before 3.4.4-11.fc40
dirgra: before 0.4-12.fc40
directory-maven-plugin: before 0.3.1-15.fc40
diffoscope: before 257-2.fc40
decentxml: before 1.4-35.fc40
crypto-policies: before 20240201-2.git9f501f3.fc40
cryptlib: before 3.4.7-5.fc40
cortado: before 0.6.0-32.fc40
console-image-viewer: before 1.2-24.fc40
colossus: before 0.14.0-27.fc40
codehaus-parent: before 4-30.fc40
clojure-spec-alpha: before 0.3.218-8.fc40
clojure-maven-plugin: before 1.9.2-6.fc40
clojure-core-specs-alpha: before 0.2.62-8.fc40
clojure: before 1.11.1-8.fc40
classloader-leak-test-framework: before 2.7.0-8.fc40
chromium: before 122.0.6261.94-2.fc40
cglib: before 3.3.0-15.fc40
ceph: before 18.2.1-10.fc40
cdi-api: before 2.0.2-14.fc40
canl-java: before 2.8.3-5.fc40
cambozola: before 0.936-24.fc40
byteman: before 4.0.16-13.fc40
byte-buddy: before 1.14.2-8.fc40
build-helper-maven-plugin: before 3.5.0-4.fc40
bsh: before 2.1.0-12.fc40
bsf: before 2.4.0-54.fc40
brazil: before 2.3-36.fc40
bouncycastle: before 1.70-13.fc40
bolzplatz2006: before 1.0.3-58.fc40
beust-jcommander: before 1.82-9.fc40
beansbinding: before 1.2.1-36.fc40
bcel: before 6.8.1-3.fc40
batik: before 1.14-13.fc40
auto: before 1.6.1-10.fc40
atinject: before 1.0.5-12.fc40
assertj-core: before 3.24.2-8.fc40
args4j: before 2.33-26.fc40
aqute-bnd: before 6.3.1-10.fc40
apiguardian: before 1.1.2-12.fc40
apache-resource-bundles: before 1.5-7.fc40
apache-parent: before 31-5.fc40
apache-ivy: before 2.5.2-4.fc40
apache-commons-vfs: before 2.9.0-5.fc40
apache-commons-text: before 1.10.0-6.fc40
apache-commons-pool: before 1.6-37.fc40
apache-commons-parent: before 66-3.fc40
apache-commons-net: before 3.10.0-5.fc40
apache-commons-modeler: before 2.0.1-40.fc40
apache-commons-math: before 3.6.1-18.fc40
apache-commons-logging: before 1.3.0-5.fc40
apache-commons-lang3: before 3.14.0-5.fc40
apache-commons-jxpath: before 1.3-52.fc40
apache-commons-io: before 2.13.0-8.fc40
apache-commons-exec: before 1.3-31.fc40
apache-commons-digester: before 2.1-30.fc40
apache-commons-compress: before 1.25.0-5.fc40
apache-commons-collections4: before 4.4-15.fc40
apache-commons-collections: before 3.2.2-36.fc40
apache-commons-codec: before 1.16.0-7.fc40
apache-commons-cli: before 1.6.0-5.fc40
apache-commons-beanutils: before 1.9.4-19.fc40
aopalliance: before 1.0-39.fc40
antlrworks: before 1.5.2-29.fc40
antlr3: before 3.5.3-10.fc40
antlr: before 2.7.7-77.fc40
ant-antunit: before 1.4.1-11.fc40
ant: before 1.10.14-10.fc40
R-rJava: before 1.0.6-9.fc40
OpenStego: before 0.7.4-12.fc40
Mars: before 4.5-26.fc40
IPAddress: before 5.2.1-17.fc40
CardManager: before 3-29.fc40
CFR: before 0.151-16.fc40
BareBonesBrowserLaunch: before 3.1-33.fc40
CPE2.3https://bodhi.fedoraproject.org/updates/FEDORA-2024-129d8ca6fc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.