---

CVE-2017-10087 - log back

CVE-2017-10087 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Access restriction bypass
Description	+ It was discovered that the implementation of the ThreadPoolExecutor class in the java.util.concurrent package of the Libraries component of OpenJDK failed to properly perform access control checks. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/e95a13de2d36
Notes