CVE-2020-14581: 
NixOS vulnerability analysis and mitigation

CVE-2020-14581 is a vulnerability in Oracle Java SE and Java SE Embedded that affects versions Java SE: 8u251, 11.0.7, 14.0.1 and Java SE Embedded: 8u251. This vulnerability is related to the 2D component and allows unauthenticated attackers with network access via multiple protocols to compromise Java SE and Java SE Embedded (Oracle Advisory).

The vulnerability is characterized as a difficult-to-exploit issue that affects matrix operations in Java's 2D component. It has been assigned a CVSS v3.1 Base Score of 3.7 LOW with the vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N. The vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets, as well as through APIs in the specified Component without using sandboxed applications (NVD).

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of Java SE and Java SE Embedded accessible data. The vulnerability affects both client and server deployments of Java (NVD).

Oracle has released patches to address this vulnerability in the July 2020 Critical Patch Update. Users should upgrade to Java SE versions 8u262, 11.0.8, or 14.0.2 as appropriate for their environment. Various Linux distributions have also released security updates including Ubuntu (20.04, 18.04), Debian (10.0), and Fedora (31, 32) (Ubuntu USN, Debian DSA).