CVE-2020-9493

Summary

CVE	CVE-2020-9493
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-06-16 08:15:00 UTC
Updated	2023-11-07 03:26:00 UTC
Description	A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

Risk And Classification

Problem Types: CWE-502

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Chainsaw	All	All	All	All
Application	Apache	Log4j	All	All	All	All
Application	Qos	Reload4j	All	All	All	All

References

Reference	Source	Link	Tags
oss-security - CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw	MISC	www.openwall.com
Pony Mail!	MLIST	lists.apache.org
Pony Mail!		lists.apache.org
oss-security - CVE-2020-9493: Apache Chainsaw: Java deserialization in Chainsaw	MLIST	www.openwall.com
oss-security - CVE-2022-23307: Apache Log4j 1.x: A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.	MLIST	www.openwall.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

Vendor Comments And Credit

Discovery Credit

LEGACY: This issue was reported by @kingkk

Legacy QID Mappings

730542 Atlassian Confluence Server and Confluence Data Center Log4j Multiple Vulnerabilities (CONFSERVER-78991)
730566 Atlassian Jira Server and Data Center Log4j Vulnerability (JRASERVER-73885)
731338 Atlassian Bamboo Server and Data Center Multiple Security Vulnerabilities (BAM-21696, BAM-21697)