CVE-2022-23307

ADVISORY - github

Summary

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Users are advised to migrate from log4j:log4j to org.apache.logging.log4j:log4j for an updated version of the library.

EPSS Score⁠: 0.00654 (0.699)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-502⁠

Deserialization of Untrusted Data

ADVISORY - github

CWE-502⁠

Deserialization of Untrusted Data

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-502⁠

Deserialization of Untrusted Data

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-502⁠

Deserialization of Untrusted Data

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.