You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Deserialization of Untrusted Data in Apache Log4j
Critical severity
GitHub Reviewed
Published
Jan 19, 2022
to the GitHub Advisory Database
•
Updated Oct 31, 2023
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the library.
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
Users are advised to migrate from
log4j:log4j
toorg.apache.logging.log4j:log4j
for an updated version of the library.References