Apache Log4j — библиотека журналирования (логирования) Java-программ
Релизный цикл, информация об уязвимостях
График релизов
Количество 106
openSUSE-SU-2020:0051-1
Security update for log4j
SUSE-SU-2020:14267-1
Security update for log4j
SUSE-SU-2020:0054-1
Security update for log4j
SUSE-SU-2020:0053-1
Security update for log4j
GHSA-2qrg-x229-3v8q
Deserialization of Untrusted Data in Log4j
GHSA-fxph-q3j8-mv87
Deserialization of Untrusted Data in Log4j
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ...
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
CVE-2019-17571
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано 1 | |
|---|---|---|---|---|
 | openSUSE-SU-2020:0051-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| SUSE-SU-2020:14267-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| SUSE-SU-2020:0054-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| SUSE-SU-2020:0053-1 Security update for log4j | 53% Средний | больше 5 лет назад | |
| GHSA-2qrg-x229-3v8q Deserialization of Untrusted Data in Log4j | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
| GHSA-fxph-q3j8-mv87 Deserialization of Untrusted Data in Log4j | CVSS3: 9.8 | 94% Критический | больше 5 лет назад |
 | CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
| CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to de ... | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
 | CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
 | CVE-2019-17571 Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17. | CVSS3: 9.8 | 53% Средний | больше 5 лет назад |
Уязвимостей на страницу