corretto-17
Amazon Corretto 17 is a no-cost, multi-platform, production-ready distribution of OpenJDK 17 (by corretto)
security-labs-pocs
Proof of concept code for Datadog Security Labs referenced exploits. (by DataDog)

Metric | corretto-17 | security-labs-pocs
---|---|---
Mentions | 6 | 9
Stars | 222 | 419
Growth | 0.9% | 0.2%
Activity | 9.7 | 5.0
Last commit | 5 days ago | over 1 year ago
Language | Java | C
License | GNU General Public License v3.0 only | GNU General Public License v3.0 or later
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
corretto-17
Posts with mentions or reviews of corretto-17.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-21.
- Editing the Java compiler
-
CVE-2022-21449
Amazon Corretto updated their changelog, mentioning CVE-2022-21449 on the 12th of April.
-
JDK 17.0.3 released
Note that the numbering is the same for the other distros, though (e.g. there should be an Eclipse Temurin 17.0.3 release soon, an Amazon Corretto 17.0.3 release is available, etc.)
- Amazon Corretto 18 is now generally available
- Amazon Corretto: Offer cryptographic signatures of downloadable artefacts
security-labs-pocs
Posts with mentions or reviews of security-labs-pocs.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-21.
-
Python install for non IT staff
Also to your point, interpreted languages are not as reliably detected by AV/NGAV/EDR/etc. from my experience. You could inquire with your EDR's technical reps or try downloading/running some existing malware written in Python in a disposable VM with your EDR installed and see if it gets picked up. Here are some real-world examples you could use, too: https://github.com/DataDog/security-labs-pocs/tree/main/malware-samples/pypi
- DataDog/security-labs-pocs: Proof of concept code for Datadog Security Labs referenced exploits. Now updated with a vulnerable environment to test out the new Confluence #CVE202226134 vulnerability. Handy.
- GitHub - DataDog/security-labs-pocs: Proof of concept code for Datadog Security Labs referenced exploits.
- Null ECDSA Signatures - Proof of concept for bypassing JWT signature checks using CVE-2022-21449
- Exploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449)
-
CVE-2022-21449
Arch as well but the point about responsible disclosure is for the majority of users to have the patch before the vulnerability and POC are published. And I'd bet most Java web things are running on one of the unpatched builds (like Ubuntu with its 10 year LTS).
- Exploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449) - not a real app, but fundamental technique means it is only time
-
CVE-2022-21449: Psychic Signatures in Java
For anyone looking to reproduce the vulnerability with a sample vulnerable application, my team just released this to showcase it applied to bypass a JWT verification process: https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
What are some alternatives?
When comparing corretto-17 and security-labs-pocs you can also consider the following projects:
corretto-11 - Amazon Corretto 11 is a no-cost, multi-platform, production-ready distribution of OpenJDK 11
jjwt - Java JWT: JSON Web Token for Java and Android
adoptium
openJDK-docker - Docker Official Image packaging for EA builds of OpenJDK from Oracle
installer - Installer scripts for Eclipse Temurin binaries
corretto-8 - Amazon Corretto 8 is a no-cost, multi-platform, production-ready distribution of OpenJDK 8
proposal-types-as-comments - ECMAScript proposal for type syntax that is erased - Stage 1 [Moved to: https://github.com/tc39/proposal-type-annotations]
corretto-18 - Amazon Corretto 18 is a no-cost, multi-platform, production-ready distribution of OpenJDK 18
