CVE-2022-23307
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-23307
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23307.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-23307
- Aliases
- Downstream
- Related
- Published
- 2022-01-18T16:15:08Z
- Modified
- 2025-09-19T13:39:51.396304Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
CVE-2020-9493 identified a deserialization issue that was present in Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of Apache Log4j 1.2.x where the same issue exists.
- References
Affected packages
Git / github.com/apache/logging-log4j2
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/logging-log4j2
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://github.com/qos-ch/reload4j
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
{
"vanir_signatures": [
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getConnection"
},
"signature_version": "v1",
"digest": {
"length": 281.0,
"function_hash": "229332111713677933102807746861574347653"
},
"signature_type": "Function",
"id": "CVE-2022-23307-01346bfb"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getLogStatement"
},
"signature_version": "v1",
"digest": {
"length": 77.0,
"function_hash": "270684450888807159696430132664370127464"
},
"signature_type": "Function",
"id": "CVE-2022-23307-19c0d550"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "execute"
},
"signature_version": "v1",
"digest": {
"length": 250.0,
"function_hash": "118001609627180170022662501419747263095"
},
"signature_type": "Function",
"id": "CVE-2022-23307-240df131"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setSql"
},
"signature_version": "v1",
"digest": {
"length": 190.0,
"function_hash": "185664538515356219335872689412993714456"
},
"signature_type": "Function",
"id": "CVE-2022-23307-36e9cb7d"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setBufferSize"
},
"signature_version": "v1",
"digest": {
"length": 126.0,
"function_hash": "135705115141542302283357391193406670967"
},
"signature_type": "Function",
"id": "CVE-2022-23307-3800960d"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getBufferSize"
},
"signature_version": "v1",
"digest": {
"length": 42.0,
"function_hash": "277922588379324964645318275604912417022"
},
"signature_type": "Function",
"id": "CVE-2022-23307-4b770bc9"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"54875113945747903846184934186189496129",
"155639873397643663327544406949425509781",
"248593515572713955226393538468314184102",
"177338705595109262832408157303630120961",
"54969589512873098220329705269313950872",
"50128295479346590514067011337208504882",
"263595027741115370523312888102403757349",
"128000765136990251065282957451463718538",
"336465973610784321648444982993644685906",
"282252861438033699083703037813510169360",
"274193621373044831874524153574381856346",
"178689932047095173727127799780500554116",
"103009779702994047860021562195043113529",
"170898989125553315857542379309654580859",
"248324180983586920251166012605765926053",
"86813562956464549376628643729681012789",
"191587714656142460675239461587984568013",
"50070021005868208872137384571543936511",
"194475405198163838230578780840335551786",
"198635663030684027639153368043900281024",
"198331663983005940152885992745504965268",
"86126037283605146017923621980914036432",
"310385427782325903609488384202973999628",
"130333720266119163603703108689680499205",
"182344192102083165273280087876963279821",
"292027368941339937446240806062450616637",
"224714900132149383269609281277549792049",
"7395584678725243477510514256870041647",
"181619309110553034228638281755584509225",
"50310289343635155085094007606665168990",
"6092085524425311452588706282165084638",
"305337713044601580688090545766364433857",
"226165542825059218830309740728165120420",
"289449965058043209992729573014815198813",
"212634283579970540279134743473123255481",
"161867005669675175421361109201141107495",
"237744605316349151570555948314485207629",
"166662847891152600395160395404858402778",
"45972831642117762786084575481211722099",
"21855936516115135998000351573271992117",
"299631208690440794016168237121661649272",
"274959824624165360624456804288197413227",
"251618482475154015674895815178174011072",
"41722033093359923112412689341977416624",
"98355026312370344746140443820758271415",
"35916872810092410682540961324814087555",
"106697109029959314978171886649085988366",
"27758599605586396497021162275435845280",
"187172850734512478378111636370098864058",
"201815295426669917237618675335119380371",
"278391739645131710853985149059843009532",
"211849547030803897038136137112443746855",
"61453366180349576478217608862864372243",
"181119809376401772488742093277572500885",
"271505963742121282085100382798577493871",
"262931734221575353617386371840058546089",
"36237627278739407895905940594515941649",
"88929801789832107075643876158629864631",
"109438897804792142645875517442794464241",
"100027431249135074247958456854684726340",
"280768824680112349074688225110563138428",
"186210545427152720890730075040215046646",
"36019099146866701219283042427855259423",
"46034822312190028682988765185407074779",
"301451908370811842593242020316859960047",
"293325715267915905031617930664776626775",
"37282328609117012701227874760381210002",
"160349808761488875838347786511357460586",
"43663139986710398330705943202509093047",
"972830713496538912239889134882960316",
"1661205361001691339654700101005204721",
"265461753913825171765188475764058859737",
"98690129755861172109978719580821151771",
"304618822834124835717965161225852033562",
"40276754173518987519369044155663654704",
"102764040594288070961741384461758284391",
"255550983384870347126499652861386144288",
"41317504179612232833568301664126329167",
"256441057049695684727370618570428696972",
"131791664669517208624942950064301253143",
"285079431208876479780639974657471100342",
"208106868341429785083088019538185111021",
"10518320100614721684719806326451742479",
"215317462872548879311282847331154208976",
"198030525472843889115287185933616003978",
"11735076258830389967322446451924259500",
"159867483231891255771523858402285400955",
"287727181398583824045478376676029163239",
"151081655941359298072693308654502157436",
"193075100079424200744353308237442530207",
"297535079468872394001908213252685337114",
"202295497782179663657665499700633852177",
"286473885719340469389527641953480286125",
"79035680103169361956534473073511856776",
"73496389807007547124997398986650305806",
"196843685809570485868093606652085627473",
"19019805076934074296033323600452709883",
"202233865823301819311409088818247707344",
"146924343159583726510263485115583796783",
"67688985138137002208904676711646085295",
"187758591920676926879304884513807483177",
"312312522946183357771911218678676042660",
"162057776999765546480077544888192642006",
"301189363040255254769939087463719282487",
"73437106389556138674143520799566752807",
"265643224906837184039594968400363725894",
"27051413018958958726943348781283453247",
"273485380106913205244044697964754507227",
"111094510762880191429512718847343629151",
"32836941889390845596584652090167257765",
"218845629207107560981730593448294321920",
"297802959149840625864565763583869162498",
"176783018540480095741906840387587357657",
"109058676624542350274485672404688103492",
"119921168604849227479382905322545593647",
"159081896540628859389632197399589293505",
"3049622438249960124266590007595575277",
"77449200277985328346312627428612889539",
"173969509425089567971888946188091094264",
"146092313952150133331545717138381689602",
"182958831464044865929399700174088208057",
"279723878663702805418309467246398239990",
"75741066188628439355810889110326547725",
"302597788336685283631740533602127513733",
"165333005634369905404050794688794028358",
"132850213325696792035660270647608938082",
"272687849177589332495007978881916278088",
"17611512927439146281720666889690521576",
"117541517591426627253659721748040186466",
"206920131881893652745225434723079925909",
"206956317257923047929595198294337716401",
"63384411156087881258629920514458135039",
"44259006285758427528508479497849022809",
"124333112159344828496005775563029356936",
"80057735875247189376013196585606894299",
"327116553614759972593428098472021721962",
"151360377759107736282417679374029983427",
"211271231428139071615781892558616512384",
"146945854854902378678362000871562138328",
"339273328420201235357040014531954442232",
"115738311481710915221389067168483725878",
"255732452867400791330170324821045164627",
"65566238408494342052680698576158076661",
"242640706658904267019717904415764559543",
"268531287589130513242614505371993956612"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "CVE-2022-23307-544fd588"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "requiresLayout"
},
"signature_version": "v1",
"digest": {
"length": 36.0,
"function_hash": "221347515604444174158561154025210479869"
},
"signature_type": "Function",
"id": "CVE-2022-23307-57f9523c"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "finalize"
},
"signature_version": "v1",
"digest": {
"length": 37.0,
"function_hash": "208972022311035733844886350694903749572"
},
"signature_type": "Function",
"id": "CVE-2022-23307-7485c30f"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "closeConnection"
},
"signature_version": "v1",
"digest": {
"length": 34.0,
"function_hash": "290651339905754313338839002053528397135"
},
"signature_type": "Function",
"id": "CVE-2022-23307-7b9fae32"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getURL"
},
"signature_version": "v1",
"digest": {
"length": 43.0,
"function_hash": "238800061511443133837888387550602396811"
},
"signature_type": "Function",
"id": "CVE-2022-23307-8c38a6d3"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getLocationInfo"
},
"signature_version": "v1",
"digest": {
"length": 44.0,
"function_hash": "156110009248239162566025104058112439404"
},
"signature_type": "Function",
"id": "CVE-2022-23307-96225ffa"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "flushBuffer"
},
"signature_version": "v1",
"digest": {
"length": 451.0,
"function_hash": "12450017771832892377555454072943694806"
},
"signature_type": "Function",
"id": "CVE-2022-23307-9a9834c9"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setLocationInfo"
},
"signature_version": "v1",
"digest": {
"length": 63.0,
"function_hash": "279019664130890560140419166092181074118"
},
"signature_type": "Function",
"id": "CVE-2022-23307-a427d138"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setURL"
},
"signature_version": "v1",
"digest": {
"length": 56.0,
"function_hash": "290158768240479956621356202327473687745"
},
"signature_type": "Function",
"id": "CVE-2022-23307-a4f3e405"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setDriver"
},
"signature_version": "v1",
"digest": {
"length": 185.0,
"function_hash": "105859475583218370481865950753380933304"
},
"signature_type": "Function",
"id": "CVE-2022-23307-c80f5b31"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setUser"
},
"signature_version": "v1",
"digest": {
"length": 57.0,
"function_hash": "302252732763328126835664180549069023807"
},
"signature_type": "Function",
"id": "CVE-2022-23307-d44d45d9"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "close"
},
"signature_version": "v1",
"digest": {
"length": 273.0,
"function_hash": "42582326461069237128948546438252204455"
},
"signature_type": "Function",
"id": "CVE-2022-23307-d9b85e1c"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getPassword"
},
"signature_version": "v1",
"digest": {
"length": 48.0,
"function_hash": "211380759106536582900672555249066702222"
},
"signature_type": "Function",
"id": "CVE-2022-23307-dca7343d"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "JDBCAppender"
},
"signature_version": "v1",
"digest": {
"length": 107.0,
"function_hash": "52012331234289178273958542727816959467"
},
"signature_type": "Function",
"id": "CVE-2022-23307-e9fa5f2f"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "setPassword"
},
"signature_version": "v1",
"digest": {
"length": 61.0,
"function_hash": "325086023965287910712216448656503599898"
},
"signature_type": "Function",
"id": "CVE-2022-23307-eb9eeb37"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "append"
},
"signature_version": "v1",
"digest": {
"length": 284.0,
"function_hash": "324622265363077343648228771224018499413"
},
"signature_type": "Function",
"id": "CVE-2022-23307-ed55eaa9"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getUser"
},
"signature_version": "v1",
"digest": {
"length": 44.0,
"function_hash": "238057679355050308950840042255478586491"
},
"signature_type": "Function",
"id": "CVE-2022-23307-f2d7706c"
},
{
"source": "https://github.com/qos-ch/reload4j/commit/527f5374efd3c534b8aae7c133898019182e9f99",
"deprecated": false,
"target": {
"file": "src/main/java/org/apache/log4j/jdbc/JDBCAppender.java",
"function": "getSql"
},
"signature_version": "v1",
"digest": {
"length": 44.0,
"function_hash": "288393607012684171787768727765815577593"
},
"signature_type": "Function",
"id": "CVE-2022-23307-fdcd3eca"
}
]
}