CVE-2020-9493

Summary

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache ChainsawApache Chainsaw < 2.1.0affected

Weaknesses

  • CWE-502: CWE-502 Deserialization of Untrusted Data

Workarounds

Don't configure Chainsaw to read serialized log events. Use a different receiver, such as XMLSocketReceiver

ADP Enrichment

CVE Program Container

Additional References

References