DirectorySecurity Advisories
Sign In
Security Advisories

CVE-2019-17571

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2019-17571

CGA ID

CGA-8wrm-wc9c-gxxw

Severity

9.8

Critical

CVSS V3

Description

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

References

Affected packages


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images