zookeeper-issues mailing list archives

From "Patrick D. Hunt (Jira)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer
Date Tue, 07 Jan 2020 17:23:00 GMT
Patrick D. Hunt created ZOOKEEPER-3677:
------------------------------------------

             Summary: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization
of untrusted data in SocketServer
                 Key: ZOOKEEPER-3677
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3677
             Project: ZooKeeper
          Issue Type: Bug
          Components: security
            Reporter: Patrick D. Hunt


Doesn't look like this impacts us (we don't use SocketServer); however, we should figure out
what to do, as the owasp checker is failing and the rating is quite high (9.8 - bound to get
interest).

https://nvd.nist.gov/vuln/detail/CVE-2019-17571

Perhaps ZOOKEEPER-2342 should be prioritized.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
