CVE-2022-23307 @ Maven-log4j:log4j-1.2.17

**Vulnerable Package** issue exists @ **Maven\-log4j:log4j\-1\.2\.17** in branch **main**

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.x where the same issue exists.

**Namespace:** James-AST
**Repository:** astlab
**Repository Url:** https://github.com/James-AST/astlab
**CxAST\-Project:** James-AST/astlab
**CxAST platform scan:** [8d73a497\-bbc7\-4126\-b536\-ea634bc032dd](https://ast.checkmarx.net/projects/f9affdfe-1e7c-4bfc-a40a-f266cde328d3/scans?id=8d73a497-bbc7-4126-b536-ea634bc032dd&branch=main)
**Branch:** main
**Application:** astlab
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-502


----
**Addition Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** HIGH
**Availability impact:** HIGH


----
**References**
[Mail Thread](https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh)
[Issue](https://bugzilla.redhat.com/show_bug.cgi?id=2041967)
[Advisory](https://github.com/advisories/GHSA-f7vh-qwp3-x37m)
[Advisory](https://logging.apache.org/log4j/1.2/index.html)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2022-23307 @ Maven-log4j:log4j-1.2.17 #10

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CVE-2022-23307 @ Maven-log4j:log4j-1.2.17 #10

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions