CVE-2021-2161

Source
Severity Medium
Remote Yes
Type Incorrect calculation
Description
It was discovered that the implementation of ProcessBuilder in the Libraries component of OpenJDK on the Windows platform did not properly detect command arguments that were not quoted correctly. This could lead to manipulation of command arguments when executing processes with arguments from untrusted sources. This issue did not affect OpenJDK builds on the Linux platform. It is fixed in versions 16.0.1, 11.0.11, 8u291, and 7u301.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1868 | jdk7-openjdk | 7.u261_2.6.22-1 | | Medium | Not affected | |
| AVG-1867 | jdk8-openjdk | 8.u282-1 | 8.u292-1 | Medium | Not affected | |
| AVG-1866 | jdk11-openjdk | 11.0.10.u9-1 | 11.0.11.u9-1 | Medium | Not affected | |
| AVG-1865 | jdk-openjdk | 15.0.2.u7-1 | | Medium | Not affected | |
References
https://www.oracle.com/security-alerts/cpuapr2021verbose.html#JAVA
https://bugzilla.redhat.com/show_bug.cgi?id=1951231
https://bugs.java.com/bugdatabase/view_bug.do?bug_id=JDK-8250568
https://www.oracle.com/java/technologies/javase/16-0-1-relnotes.html
https://www.oracle.com/java/technologies/javase/11-0-11-relnotes.html
https://www.oracle.com/java/technologies/javase/8u291-relnotes.html
https://www.oracle.com/java/technologies/javase/7-support-relnotes.html#R170_301
http://hg.openjdk.java.net/jdk-updates/jdk11u/rev/c73fe2a0141e
http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/b423d9afa01f