A flaw was found in the way the readObject() method of the MethodType class in the Libraries component of OpenJDK checked argument types. An untrusted Java application or applet could use this flaw to bypass Java sandbox restrictions.

Public now via Oracle CPU April 2020: https://www.oracle.com/security-alerts/cpuapr2020.



Source link

You must be logged in to post a comment.