Uploaded image for project: 'Share Application'
  1. Share Application
  2. SHA-2418 Upgrade Share libraries with security vulnerabilities of CVSS 3 score above 6 for Share 5.2.7
  3. SHA-2419

Security vulnerabilies in log4j-1.2.17 with CVSS3 Score 9.8

    Details

    • Type: Sub-task
    • Status: Done
    • Resolution: Done
    • Affects Version/s: 5.2
    • Fix Version/s: 5.2.N
    • Component/s: Share Application
    • Labels:
      None
    • Sprint:
      Repo vulnerabilities sprint 2
    • Delivery Team:
      Feature Teams

      Description

      log4j-1.2.17.jar CVE-2019-17571 CVSS3 Score 9.8

      Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

       

        Attachments

          Structure

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                glazar George Lazar [X] (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Structure Helper Panel