Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-9366

Upgrade log4j to log4j2

    XMLWordPrintableJSON

Details

    • Bug
    • Status: In Progress
    • Critical
    • Resolution: Unresolved
    • 2.2.0, 2.1.1, 2.3.0, 2.4.0
    • 4.0.0
    • core

    Description

      CVE-2019-17571 Detail

      Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

       

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

       

      Attachments

        Issue Links

          Activity

            People

              dongjin Dongjin Lee
              lbdai3190 leibo
              Votes:
              26 Vote for this issue
              Watchers:
              47 Start watching this issue

              Dates

                Created:
                Updated: