cristovaoolegario/astlab

CVE-2022-23307 @ Maven-log4j:log4j-1.2.17

Checkmarx (SCA): Vulnerable Package
Vulnerability: Read More about CVE-2022-23307
Checkmarx Project: cristovaoolegario/astlab
Repository URL: https://github.com/cristovaoolegario/astlab
Branch: main
Scan ID: 8cc945ef-b0c3-4912-86b2-4501b97b201d


CVE-2020-9493 identified a deserialization issue in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.x, where the same issue exists. Versions 1.x are no longer maintained, so users are advised to upgrade to Log4j 2, which addresses numerous other issues from the previous versions.


Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: HIGH
Availability impact: HIGH