CVE: 2022-23307 found in Apache Log4j - Version: 1.2.17 [JAVA] #844

Open
github-actions bot opened this issue Sep 24, 2022 · 0 comments
Labels: Severity: Very High (Very High severity), Veracode Dependency Scanning (A Veracode identified vulnerability)


Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Log4j |
| Description | Apache Log4j 1.2 |
| Language | JAVA |
| Vulnerability | Remote Code Execution (RCE) |
| Vulnerability description | Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system. |
| CVE | 2022-23307 |
| CVSS score | 9 |
| Vulnerability present in version/s | 1.1.3-1.2.17 |
| Found library version/s | 1.2.17 |
| Vulnerability fixed in version | |
| Library latest version | 1.2.17 |
| Fix | There is currently no fix version for this package. Upgrade to log4j 2, use another utility to view logs, or remove the Chainsaw component if possible. |

Links:

github-actions bot added the "Severity: Very High" and "Veracode Dependency Scanning" labels on Sep 24, 2022