- Type: Sub-task
- Status: Done
- Resolution: Done
- Affects Version/s: 5.2
- Fix Version/s: 5.2.N
- Component/s: Share Application
- Labels: None
- Sprint: Repo vulnerabilities sprint 2
- Delivery Team: Feature Teams

log4j-1.2.17.jar | CVE-2019-17571 | CVSS3 Score 9.8 |
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions 1.2 up to 1.2.17.