Описание
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| apache-log4j1.2 | fixed | 1.2.17-11 | package | |
| apache-log4j1.2 | fixed | 1.2.17-10+deb11u1 | bullseye | package |
| apache-log4j1.2 | fixed | 1.2.17-8+deb10u2 | buster | package |
Примечания
https://www.openwall.com/lists/oss-security/2022/01/18/5
EPSS
Связанные уязвимости
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Deserialization of Untrusted Data in Apache Log4j
Уязвимость библиотеки журналирования Java-программ Log4j, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код
EPSS