apache chainsaw CVE-2022-23307 in Apache and Qos Products
Published on January 18, 2022

product logo product logo
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2022-23307 can be exploited with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Marshaling, Unmarshaling Vulnerability?

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

CVE-2022-23307 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.


Products Associated with CVE-2022-23307

You can be notified by stack.watch whenever vulnerabilities like CVE-2022-23307 are published in these products:

 
 
 

What versions are vulnerable to CVE-2022-23307?