CVE-2017-10109 - log

CVE-2017-10109 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ It was discovered that the implementation of the CodeSource class in OpenJDK did not limit the amount of memory allocated when creating an object instance from a serialized form. An untrusted Java application or applet could use this flaw to cause the JVM to allocate an excessive amount of memory, bypassing certain Java sandbox restrictions.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/56e0ab47dbec
Notes