CRITICAL🇬🇧 English

CVE-2020-9493

CVSS 9.8v3.1pub. 2021-06-16upd. 2024-11-21

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apache Chainsaw

    APP
    Apache
    < 2.1.0
  • Apache Log4j

    APP
    Apache
    1.2 – 2.0 (bez)
  • Qos Reload4j

    APP
    Qos
    < 1.2.18.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCEDeserialization
CWE
Referencje

Powiązane podatności

CVE-2021-45046CRITICAL9.0⚠ KEVten sam produkt

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-defau...

CVE-2021-44228CRITICAL10.0⚠ KEVten sam produkt

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features u...

CVE-2022-23305CRITICAL9.8ten sam produkt

By design, the JDBCAppender in Log4j 1.2.x accepts an SQL statement as a configuration parameter where the val...

CVE-2019-17571CRITICAL9.8ten sam produkt

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which ca...

CVE-2017-5645CRITICAL9.8ten sam produkt

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized ...