oss-sec mailing list archives
CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw
From: Robert Middleton <rmiddleton () apache org>
Date: Tue, 15 Jun 2021 22:50:07 -0400
Reply-to: general () logging apache org

Description:
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

Mitigation:
Don't configure Chainsaw to read serialized log events. Use a different receiver, such as XMLSocketReceiver.

Credit:
This issue was reported by @kingkk