Uploaded image for project: 'Share Application'
  1. Share Application
  2. SHA-2418 Upgrade Share libraries with security vulnerabilities of CVSS 3 score above 6 for Share 5.2.7
  3. SHA-2419

Security vulnerabilies in log4j-1.2.17 with CVSS3 Score 9.8

          Details

          • Sprint:
            Repo vulnerabilities sprint 2
          • Delivery Team:
            Feature Teams
          • Template:

            Description

            log4j-1.2.17.jar CVE-2019-17571 CVSS3 Score 9.8

            Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

             

              Attachments

                Structure

                  Activity

                    People

                    • Assignee:
                      Unassigned
                      Reporter:
                      glazar George Lazar [X] (Inactive)
                    • Votes:
                      0 Vote for this issue
                      Watchers:
                      3 Start watching this issue

                      Dates

                      • Created:
                        Updated:
                        Resolved:

                        Structure Helper Panel