CVE-2020-14664: 
Amazon Corretto JDK vulnerability analysis and mitigation

A vulnerability was identified in Oracle Java SE's JavaFX component affecting Java SE version 8u251. The vulnerability (CVE-2020-14664) was disclosed in July 2020 and involves HTML rendering issues in JavaFX that could potentially lead to system compromise (Oracle CPU, NVD).

The vulnerability exists within the rendering of HTML in JavaFX. The specific flaw stems from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. The vulnerability has been assigned a CVSS 3.1 Base Score of 8.3 (High) with the vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H (ZDI).

Successful exploitation of this vulnerability can result in takeover of Java SE. The vulnerability requires human interaction and while it exists in Java SE, attacks may significantly impact additional products. The scope of impact includes potential unauthorized access to data and system compromise (NVD).

Oracle has released security patches to address this vulnerability in their July 2020 Critical Patch Update. The fix is included in Java SE versions after 8u251. For systems that cannot be immediately patched, it's important to note that this vulnerability does not affect Java deployments that load and run only trusted code, such as those typically found in servers (Oracle CPU, NetApp Advisory).