CVE-2019-17571 - AskarLabs CVE Database

CVE-2019-17571

Vendor Apache Software Foundation

Product Log4j

Weakness CWE-502 · Unsafe deserialization

Published December 20, 2019

Last update May 28, 2026

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.

Key dates

02Disclosure timeline

December 20, 2019 CVE published

May 28, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-17571

Related vulnerabilities

04Related CVE

CVE-2025-58636 WordPress WP Gravity Forms Keap/Infusionsoft Plugin <= 1.2.3 - Deserialization of untrusted data Vulnerability CVE-2026-24891 openITCOCKPIT has Unsafe PHP Deserialization in Gearman Worker Allowing Conditional Object Injection CVE-2026-22473 WordPress Dental Clinic theme <= 3.7 - PHP Object Injection vulnerability CVE-2026-5127 User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration <= 4.3.1 - Authenticated (Subscriber+) PHP Object Injection CVE-2024-32603 WordPress WooBuddy plugin <= 3.4.20 - PHP Object Injection vulnerability