CVE-2021-41041

Summary

In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles.

Affected Software

VendorProductVersion RangeStatus
The Eclipse FoundationEclipse OpenJ9unspecified < 0.32.0affected

Weaknesses

  • CWE-252: CWE-252: Unchecked Return Value
  • CWE-843: CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')
  • CWE-908: CWE-908: Use of Uninitialized Resource

ADP Enrichment

CVE Program Container

Additional References

References