CVE-2017-5645

Published: 2017-04-17T21:59Z

Last Modified: 2024-11-21T03:28Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt