Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-9366

Upgrade log4j to log4j2

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: In Progress
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 2.2.0, 2.1.1, 2.3.0, 2.4.0
    • Fix Version/s: 3.1.0
    • Component/s: core
    • Labels:

      Description

      CVE-2019-17571 Detail

      Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

       

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dongjin Dongjin Lee
                Reporter:
                lbdai3190 leibo
              • Votes:
                8 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated: