[jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer

Patrick D. Hunt (Jira) Tue, 07 Jan 2020 09:23:12 -0800

Patrick D. Hunt created ZOOKEEPER-3677:
------------------------------------------


             Summary: owasp checker failing for - CVE-2019-17571 Apache Log4j 
1.2 deserialization of untrusted data in SocketServer
                 Key: ZOOKEEPER-3677
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3677
             Project: ZooKeeper
          Issue Type: Bug
          Components: security
            Reporter: Patrick D. Hunt


Doesn't look like this impacts us (we don't use SocketServer) however we should 
figure out what to do as the owasp checker is failing and the rating is quite 
high (9.8 - bound to get interest)

https://nvd.nist.gov/vuln/detail/CVE-2019-17571

Perhaps ZOOKEEPER-2342 should be prioritized.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (ZOOKEEPER-3677) owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer

Reply via email to