{"affected":[{"ecosystem_specific":{"binaries":[{"java-1_8_0-openj9":"1.8.0.362-150200.3.30.1","java-1_8_0-openj9-accessibility":"1.8.0.362-150200.3.30.1","java-1_8_0-openj9-demo":"1.8.0.362-150200.3.30.1","java-1_8_0-openj9-devel":"1.8.0.362-150200.3.30.1","java-1_8_0-openj9-headless":"1.8.0.362-150200.3.30.1","java-1_8_0-openj9-javadoc":"1.8.0.362-150200.3.30.1","java-1_8_0-openj9-src":"1.8.0.362-150200.3.30.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"java-1_8_0-openj9","purl":"pkg:rpm/opensuse/java-1_8_0-openj9&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.8.0.362-150200.3.30.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for java-1_8_0-openj9 fixes the following issues:\n\n- CVE-2023-21830: Fixed improper restrictions in CORBA deserialization (bsc#1207249).\n- CVE-2023-21843: Fixed soundbank URL remote loading (bsc#1207248).\n","id":"SUSE-SU-2023:0685-1","modified":"2023-03-09T12:45:06Z","published":"2023-03-09T12:45:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230685-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207248"},{"type":"REPORT","url":"https://bugzilla.suse.com/1207249"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21830"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-21843"}],"related":["CVE-2023-21830","CVE-2023-21843"],"summary":"Security update for java-1_8_0-openj9","upstream":["CVE-2023-21830","CVE-2023-21843"]}