Uploaded image for project: 'Tools (JBoss Tools)'
  1. Tools (JBoss Tools)
  2. JBIDE-27040

Update log4j to 2.13.0(due to CVE-2019-17571)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 4.14.0.Final
    • 4.14.0.Final
    • build, openshift
    • None
    • devex #179 Jan/Feb 2020

      From repo:

      CVE-2019-17571
moderate severity
Vulnerable versions: >= 1.2, <= 1.2.27
Patched version: No fix
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

              jkopriva@redhat.com Josef Kopriva
              jkopriva@redhat.com Josef Kopriva
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: