[EDGRTAC-26] Fix security vulnerability reported in log4j 1.2 - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Task
Status: Closed (View Workflow)
Priority: P2
Resolution: Done
Affects Version/s: None
Fix Version/s: 2.1.0
Labels:
- security

Template:
Sprint:
Gulfstream Sprint 94
Story Points:
1
Development Team:
Gulfstream

Description

Remediation

No patched version is available.

Details

CVE-2019-17571

moderate severity

*Vulnerable versions:* >= 1.2, <= 1.2.27

*Patched version:* No fix

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

TestRail: Results

Attachments

Issue Links

defines

UXPROD-2556 Technical, NFR, & Misc bug work for Gulfstream

Closed

relates to

FOLIO-2639 Fix 'folio-sample-modules' security vulnerability reported in log4j >= 1.2, <= 1.2.27

Closed

MODINV-197 Fix security vulnerability reported in log4j >= 1.2, <= 1.2.27

Closed

Activity

People

Assignee:: Oleksandr Yatsenko

Reporter:: Peter Murray

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 09/Jun/20 3:17 PM

Updated:: 01/Sep/20 3:23 PM

Resolved:: 04/Aug/20 7:48 AM

Fix security vulnerability reported in log4j 1.2

Details

Description

Remediation

Details

TestRail: Results

Attachments

Issue Links

Activity

People

Dates

TestRail: Runs

TestRail: Cases