CVE-2022-23307

About vulnerability

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

Affected product:

Apache Commons , Apache Hadoop , Apache Hive , Apache Kafka , Apache Spark , Apache Struts , CentOS 6 ELS , CentOS 7 ELS , CentOS 8.4 ELS , CentOS 8.5 ELS , CloudLinux 6 ELS , Eclipse Jetty , Hibernate , Logback , Oracle Linux 6 ELS , Plexus , Reload4j , Spring , accumulo , activeio-core , activemq , agepredictor , ant , apache-log4j-extras , avro , bookkeeper-common-allocator , castor , cocoon , core , cxf , dropwizard-metrics-hadoop-metrics2-reporter , elasticsearch , flume-ng-core , geronimo-xbean , gradle , hbase , incubator-retired-slider , jgit , karaf , logging-flume , lucene , maven , org.ops4j.pax.logging , oval , pax-logging-service , sisu , slf4j , slider-core , tika , zkclient , zookeeper

Affected packages:

elasticsearch-scripting-painless-spi @ 7.9.3 (+2099 more)

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.