tsaekao / verademo-java

The Veracode demo application. A simple Java Web App built using Spring MVC.
0 stars 0 forks source link

CVE: 2023-26464 found in Apache Log4j - Version: 1.2.17 [JAVA] #13

Open github-actions[bot] opened 10 months ago

github-actions[bot] commented 10 months ago

Veracode Software Composition Analysis

Attribute Details
Library Apache Log4j
Description Apache Log4j 1.2
Language JAVA
Vulnerability Denial Of Service (DoS)
Vulnerability description log4j:log4j is vulnerable to Denial of Service (DoS) attacks. The vulnerability is due to the Chainsaw or SocketAppender components processing a logging entry with either a deeply nested hashmap or hashtable, which can lead to memory exhaustion when the object is deserialized. An attacker can submit a crafted logging entry and cause Denial of Service if the JRE is below 1.7.
CVE 2023-26464
CVSS score 5
Vulnerability present in version/s 1.1.3-1.2.17
Found library version/s 1.2.17
Vulnerability fixed in version
Library latest version 1.2.17
Fix No fix is released. log4j:log4j 1.x has reached End of Life. Users should upgrade to the latest Log4j 2.x version.

Links:

github-actions[bot] commented 10 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/2

github-actions[bot] commented 10 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/43

github-actions[bot] commented 8 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/63

github-actions[bot] commented 7 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/64

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/65

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/67

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/68

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/69

github-actions[bot] commented 5 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/70

github-actions[bot] commented 2 months ago

Veracode issue link to PR: https://github.com/tsaekao/verademo-java/pull/71