Giters

matteobaccan / owner

Get rid of the boilerplate code in properties based configuration.

Home Page:https://matteobaccan.github.io/owner/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

CVE-2020-9493 (Critical) detected in log4j-1.2.17.jar

mend-bolt-for-github opened this issue · comments

commented

CVE-2020-9493 - Critical Severity Vulnerability

Vulnerable Library - log4j-1.2.17.jar

Apache Log4j 1.2

Path to dependency file: /owner-extras/pom.xml

Path to vulnerable library: /owner-extras/pom.xml

Dependency Hierarchy:

  • curator-framework-4.3.0.jar (Root Library)
    • curator-client-4.3.0.jar
      • zookeeper-3.5.7.jar
        • log4j-1.2.17.jar (Vulnerable Library)

Found in HEAD commit: 12e21721ff1098fe44de120bf2737fd994f40fa6

Found in base branch: master

Vulnerability Details

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

Publish Date: 2021-06-16

URL: CVE-2020-9493

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.openwall.com/lists/oss-security/2021/06/16/1

Release Date: 2021-06-16

Fix Resolution: ch.qos.reload4j:reload4j:1.2.18.1

Step up your Open Source Security Game with Mend here