Title: CVE-2022-23307 @ Maven-log4j:log4j-1.2.17 · Issue #10 · DefenderForCodeOrg/astlab · GitHub
Open Graph Title: CVE-2022-23307 @ Maven-log4j:log4j-1.2.17 · Issue #10 · DefenderForCodeOrg/astlab
X Title: CVE-2022-23307 @ Maven-log4j:log4j-1.2.17 · Issue #10 · DefenderForCodeOrg/astlab
Description: Vulnerable Package issue exists @ Maven-log4j:log4j-1.2.17 in branch main CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.x where th...
Open Graph Description: Vulnerable Package issue exists @ Maven-log4j:log4j-1.2.17 in branch main CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was ...
X Description: Vulnerable Package issue exists @ Maven-log4j:log4j-1.2.17 in branch main CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was ...
Opengraph URL: https://github.com/DefenderForCodeOrg/astlab/issues/10
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"CVE-2022-23307 @ Maven-log4j:log4j-1.2.17","articleBody":"**Vulnerable Package** issue exists @ **Maven\\-log4j:log4j\\-1\\.2\\.17** in branch **main**\r\n\r\nCVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was a component of Apache Log4j 1.x where the same issue exists.\r\n\r\n**Namespace:** James-AST\r\n**Repository:** astlab\r\n**Repository Url:** https://github.com/James-AST/astlab\r\n**CxAST\\-Project:** James-AST/astlab\r\n**CxAST platform scan:** [8d73a497\\-bbc7\\-4126\\-b536\\-ea634bc032dd](https://ast.checkmarx.net/projects/f9affdfe-1e7c-4bfc-a40a-f266cde328d3/scans?id=8d73a497-bbc7-4126-b536-ea634bc032dd\u0026branch=main)\r\n**Branch:** main\r\n**Application:** astlab\r\n**Severity:** HIGH\r\n**State:** NOT_IGNORED\r\n**Status:** RECURRENT\r\n**CWE:** CWE-502\r\n\r\n\r\n----\r\n**Addition Info**\r\n**Attack vector:** NETWORK\r\n**Attack complexity:** LOW\r\n**Confidentiality impact:** HIGH\r\n**Availability impact:** HIGH\r\n\r\n\r\n----\r\n**References**\r\n[Mail Thread](https://lists.apache.org/thread/rg4yyc89vs3dw6kpy3r92xop9loywyhh)\r\n[Issue](https://bugzilla.redhat.com/show_bug.cgi?id=2041967)\r\n[Advisory](https://github.com/advisories/GHSA-f7vh-qwp3-x37m)\r\n[Advisory](https://logging.apache.org/log4j/1.2/index.html)\r\n","author":{"url":"https://github.com/jbrotsos","@type":"Person","name":"jbrotsos"},"datePublished":"2022-04-26T16:35:49.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":0},"url":"https://github.com/10/astlab/issues/10"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:b84ceacd-6735-7527-53d1-8db2c461467c |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | CA20:2336C1:87871:B96D8:6A5A56BB |
| html-safe-nonce | 0064d7fc2f50c217983ba3d059c25e1f917adabe3fc27be7ed5b94089a45170e |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiJDQTIwOjIzMzZDMTo4Nzg3MTpCOTZEODo2QTVBNTZCQiIsInZpc2l0b3JfaWQiOiI2MDc5NTczNDE1MjU3ODU1Njc1IiwicmVnaW9uX2VkZ2UiOiJpYWQiLCJyZWdpb25fcmVuZGVyIjoiaWFkIn0= |
| visitor-hmac | 23186618765adf0c529b443e5b9ff6634b9027aef09f07674f19340bfb12b48c |
| hovercard-subject-tag | issue:1216210190 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/DefenderForCodeOrg/astlab/10/issue_layout |
| twitter:image | https://opengraph.githubassets.com/022d3b7da2d64c90db95f11ea00279812e2edc82b87e675d309fe436b4a171f6/DefenderForCodeOrg/astlab/issues/10 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/022d3b7da2d64c90db95f11ea00279812e2edc82b87e675d309fe436b4a171f6/DefenderForCodeOrg/astlab/issues/10 |
| og:image:alt | Vulnerable Package issue exists @ Maven-log4j:log4j-1.2.17 in branch main CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0, Chainsaw was ... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jbrotsos |
| hostname | github.com |
| expected-hostname | github.com |
| None | 05b9ddf6a47d2dbe13944873a99f5fb4b83ba4871f9cb8a8e256793a63ca9687 |
| turbo-cache-control | no-preview |
| go-import | github.com/DefenderForCodeOrg/astlab git https://github.com/DefenderForCodeOrg/astlab.git |
| octolytics-dimension-user_id | 83890223 |
| octolytics-dimension-user_login | DefenderForCodeOrg |
| octolytics-dimension-repository_id | 458868217 |
| octolytics-dimension-repository_nwo | DefenderForCodeOrg/astlab |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 458868217 |
| octolytics-dimension-repository_network_root_nwo | DefenderForCodeOrg/astlab |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | f8d29d1bd03dda2dd14b3f80b8bc27e1111f43bd |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width