The log4sh_readProperties function in log4sh 1.2.5 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable log4sh.$$ filenames.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| log4sh | log4sh | 1.2.4 |
| log4sh | log4sh | 1.2.5 |
| log4sh | log4sh | 1.2.3 |