Description
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
| Release | Status | Note |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 2.10.0-2 |
| cosmic | not-affected | 2.10.0-2 |
| devel | not-affected | 2.10.0-2 |
| disco | not-affected | 2.10.0-2 |
| eoan | not-affected | 2.10.0-2 |
| esm-apps/bionic | not-affected | 2.10.0-2 |
| esm-apps/focal | not-affected | 2.10.0-2 |
| esm-apps/jammy | not-affected | 2.10.0-2 |
| esm-apps/noble | not-affected | 2.10.0-2 |
CVSS2: 7.5 High
CVSS3: 9.8 Critical
Related vulnerabilities
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...
Vulnerability in the Log4j logging library for Java programs, related to deserialization of untrusted data, allowing an attacker to execute arbitrary code