Packages offered here are subject to distribution rights, which means they may need to reach out further to the internet to the official locations to download files at runtime.įortunately, distribution rights do not apply for internal use. If you are an organization using Chocolatey, we want your experience to be fully reliable.ĭue to the nature of this publicly offered repository, reliability cannot be guaranteed. Human moderators who give final review and sign off.Security, consistency, and quality checking.ModerationĮvery version of each package undergoes a rigorous moderation process before it goes live that typically includes: Additionally, check for malicious software or abnormal behavior.Welcome to the Chocolatey Community Package Repository! The packages found in this section of the site are provided, maintained, and moderated by the community. Solution Discard any installers for versions of Oracle JDK / JRE prior to 8 Update 73, 7 Update 97, or 6 Update 113. A system with the vulnerable versions of Java installed should be checked for malicious software or abnormal behaviors.
If an attacker convinced a user to download a set of malicious files before Java was installed, then arbitrary code may have been executed during the installation. It is, therefore, affected by an arbitrary code execution vulnerability that may have been exploited when installing Java. Description The version of Oracle Java SE or Java for Business installed on the remote host is prior to 8 Update 73, 7 Update 97, or 6 Update 113. Synopsis The remote Windows host contains a programming platform that is affected by an arbitrary code execution vulnerability. Severity display preferences can be toggled in the settings dropdown. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity.
The calculated severity for Plugins has been updated to use CVSS v3 by default.
0 kommentar(er)
