---

CVE-2017-10090 - log back

CVE-2017-10090 created at 25 Sep 2019 19:31:40
Severity	+ Critical
Remote	+ Remote
Type	+ Access restriction bypass
Description	+ It was discovered that the implementation of the AsynchronousChannelGroupImpl class in the java.nio.channels package of the Libraries component of OpenJDK failed to properly perform access control checks. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/51631f9fa8d8
Notes