Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache Log4j Chainsaw is vulnerable to code execution through deserialization. The vulnerability stems from insufficient sanitization of user-supplied data in JDBCAppender, and it applies only in a non-default configuration in which JDBCAppender is enabled. A remote attacker could exploit the vulnerability by sending a specially crafted request to the affected application, executing arbitrary SQL commands in the application database.

CPE | Name | Operator | Version
---|---|---|---
 | apache chainsaw < | eq | 2.1.0
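
Because the issue only applies when JDBCAppender is enabled, a configuration audit is the quickest way to tell whether a deployment is exposed. The script below is an added example, not code from this advisory or from the Log4j project. It assumes a Log4j 1.x `log4j.properties` file and the appender class name `org.apache.log4j.jdbc.JDBCAppender`, neither of which is stated on this page; the sample configuration is constructed.

```python
import re

# Assumption: Log4j 1.x class name; not stated in the advisory text.
JDBC_CLASS = "org.apache.log4j.jdbc.JDBCAppender"
# Conversion specifiers that copy caller-influenced text (message, NDC, MDC) into the SQL string.
USER_DATA = re.compile(r"%[-\d.]*[mxX]")

def parse_properties(text):
    """Minimal key=value parser; line continuations are not handled."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit(text):
    """Report every JDBCAppender, whether a logger uses it, and whether its SQL embeds log text."""
    props = parse_properties(text)
    attached = set()
    for key, value in props.items():
        if key in ("log4j.rootLogger", "log4j.rootCategory") or \
           key.startswith(("log4j.logger.", "log4j.category.")):
            # Value is "LEVEL, appender1, appender2": skip the level.
            attached.update(n.strip() for n in value.split(",")[1:])
    findings = []
    for key, value in props.items():
        m = re.fullmatch(r"log4j\.appender\.([^.]+)", key)
        if m and value == JDBC_CLASS:
            sql = props.get(key + ".sql", "")
            findings.append({"appender": m.group(1),
                             "attached": m.group(1) in attached,
                             "user_data_in_sql": bool(USER_DATA.search(sql))})
    return findings

# Constructed sample configuration (hypothetical host, table and appender names).
SAMPLE = """\
log4j.rootLogger=INFO, console, db
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.db=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.db.URL=jdbc:mysql://db.example.internal/logs
log4j.appender.db.sql=INSERT INTO app_log VALUES ('%d', '%p', '%m')
log4j.appender.unused=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.unused.sql=INSERT INTO audit VALUES ('%d', '%p')
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An appender reported with both `attached` and `user_data_in_sql` set is the configuration to prioritize for removal or replacement.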