Описание
Deserialization of Untrusted Data in Apache Log4j
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the library.
Пакеты
log4j:log4j
<= 1.2.17
Отсутствует
org.zenframework.z8.dependencies.commons:log4j-1.2.17
<= 2.0
Отсутствует
Связанные уязвимости
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
CVE-2020-9493 identified a deserialization issue that was present in A ...
Уязвимость библиотеки журналирования Java-программ Log4j, связанная с восстановлением в памяти недостоверных данных, позволяющая нарушителю выполнить произвольный код