CVE-2022-23307

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

high 8.8 CVSS 3.1
Published: Jan 18, 2022
Modified: Nov 21, 2024
Vendor: Apache
Product: Chainsaw
Versions: 12.1,12.2,5.9.0.0.0,12.2.1.3.0,12.2.1.4.0,4.5,10.0.1.5.0,8.1,7.3.6,12.0.0.5.0

Description

CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.

References

Related CVEs

CVE-2026-50076 critical · 9.1
Deserialization of Untrusted Data in the Java replace-resolve path in Apache Fory fory-core Java SDK before 1.1.0 on Java/JVM platforms allows a remote attacker to bypass class reg
CVE-2026-46764 medium · 4.3
The Event Log detail endpoint `GET /api/v2/eventLogs/{event_log_id}` in Apache Airflow fetched audit-log rows directly by numeric ID after only the generic Audit Log permission che
CVE-2026-48726 medium · 6.5
A bug in Apache Airflow's auth manager logout handling left previously-issued JWT tokens valid after the user clicked logout in the UI: the logout flow for `FabAuthManager` and `Ke
CVE-2026-48827 high · 7.1
Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and other git operations allows users authenticated
CVE-2026-45426 low · 3.1
Exploitation requires the attacker to already be an authenticated Airflow worker holding a valid Log-server JWT issued for at least one Dag. Apache Airflow's Log server authorized
CVE-2026-45505 high · 8.8
Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. Non-parenthesi