Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j JMSSink is vulnerable to deserialized code execution. The vulnerability stems from insecure input validation when the program is processing serialized data. A remote attacker could exploit the vulnerability to pass specially crafted data to the application and execute arbitrary code on the target system.
CPE | Name | Operator | Version |
---|---|---|---|
apache chainsaw < | eq | 2.1.0 |