Security Advisories

CVE-2020-9488

Published

Last updated

https://nvd.nist.gov/vuln/detail/CVE-2020-9488

Severity

3.7

Low

CVSS V3

Description

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1

References

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2020-9488

Severity

Description

References

Affected packages

Product

Why Chainguard

Why Chainguard

Customers

Customers

Company

Company

Resources

Resources