VYPR
Critical severity 9.8 · NVD Advisory · Published Dec 20, 2019 · Updated May 28, 2026

CVE-2019-17571

Description

Log4j 1.2 includes a SocketServer class that is vulnerable to deserialization of untrusted data. When the class listens to untrusted network traffic for log data, this can be exploited, in combination with a deserialization gadget, to remotely execute arbitrary code. This affects Log4j versions 1.2 up to 1.2.17.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Affected versions | Patched versions
log4j:log4j (Maven) | >= 1.2, <= 1.2.17 |

Affected products: 32

References: 219
