Description
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Remediation
References