CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
{
"cwe_ids": [
"CWE-502"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23307.json",
"cna_assigner": "apache",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "1.2.1"
},
{
"last_affected": "1.2.1"
},
{
"last_affected": "2.0-alpha1"
}
],
"source": "AFFECTED_FIELD"
}
]
}{
"cpe": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "1.2"
},
{
"fixed": "2.0"
}
],
"source": "CPE_RANGE"
}