Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3677

owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      Doesn't look like this impacts us (we don't use SocketServer) however we should figure out what to do as the owasp checker is failing and the rating is quite high (9.8 - bound to get interest)

      https://nvd.nist.gov/vuln/detail/CVE-2019-17571

      Perhaps ZOOKEEPER-2342 should be prioritized.

      Attachments

        Issue Links

          is duplicated by

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-4305 log4j CVE problem

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-3990 Log4j 1.2.17 used by zookeeper 3.6.1 is vulnerable to CVE-2019-17571

          • Major - Major loss of function.
          • Resolved
          is fixed by

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-2342 Migrate to Log4J 2.

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #1209

          Activity

            People

              eolivelli Enrico Olivelli
              phunt Patrick D. Hunt
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 20m
                  20m