CVE-2023-22091: 
Linux Alpine vulnerability analysis and mitigation

A vulnerability has been identified in Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition's Compiler component. The affected versions include Oracle GraalVM for JDK versions 17.0.8 and 21, as well as Oracle GraalVM Enterprise Edition versions 20.3.11, 21.3.7, and 22.3.3. This vulnerability was disclosed as part of Oracle's October 2023 Critical Patch Update (Oracle CPU).

The vulnerability is classified as difficult to exploit and allows unauthenticated attackers with network access via multiple protocols to compromise the affected systems. The vulnerability has been assigned a CVSS 3.1 Base Score of 4.8 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating network attack vector, high attack complexity, no privileges required, and no user interaction needed (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle GraalVM accessible data, as well as unauthorized read access to a subset of Oracle GraalVM accessible data (Oracle CPU).

Oracle has released patches to address this vulnerability as part of their October 2023 Critical Patch Update. Users are strongly advised to apply these security patches without delay to protect against potential exploitation (Oracle CPU).