5l1D3R / Github-actions

0 stars 0 forks source link

CVE: 2022-23307 found in Apache Log4j - Version: 1.2.17 [JAVA] #10

Open github-actions[bot] opened 1 year ago

github-actions[bot] commented 1 year ago

Veracode Software Composition Analysis

Attribute Details
Library Apache Log4j
Description Apache Log4j 1.2
Language JAVA
Vulnerability Remote Code Execution (RCE)
Vulnerability description Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system.
CVE 2022-23307
CVSS score 9
Vulnerability present in version/s 1.1.3-1.2.17
Found library version/s 1.2.17
Vulnerability fixed in version
Library latest version 1.2.17
Fix There is currently no fix version for this package. Upgrade to log4j 2, use other utility to view logs or remove the Chainsaw component if possible

Links:

github-actions[bot] commented 1 year ago

Veracode issue link to PR: https://github.com/5l1D3R/Github-actions/pull/2