It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of untrusted data if the configuration file was editable. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.2.17-8+deb10u1ubuntu0.1", "binary_name": "liblog4j1.2-java" }, { "binary_version": "1.2.17-8+deb10u1ubuntu0.1", "binary_name": "liblog4j1.2-java-doc" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.2.17-9ubuntu0.1", "binary_name": "liblog4j1.2-java" }, { "binary_version": "1.2.17-9ubuntu0.1", "binary_name": "liblog4j1.2-java-doc" } ] }