CVE-2019-3826

Risk Scores

Affected Products

Exploit Intelligence

• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3826 (circl)
• https://github.com/prometheus/prometheus/pull/5163 (circl)
• https://github.com/prometheus/prometheus/commit/62e591f9 (circl)
• RHBA-2019:0327 (circl)
• [zookeeper-commits] 20200118 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer (circl)
• [zookeeper-commits] 20200118 [zookeeper] branch master updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer (circl)
• [zookeeper-commits] 20200118 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-3677: owasp checker failing for - CVE-2019-17571 Apache Log4j 1.2 deserialization of untrusted data in SocketServer (circl)
• https://advisory.checkmarx.net/advisory/CX-2019-4297 (circl)
• owaspSuppressions.xml (github-poc)
• owaspSuppressions.xml (github-poc)

…and 12 more exploits

Timeline

• Mar 26, 2019 CVE Published
• Oct 9, 2019 CVE Updated
• Apr 14, 2021 EPSS Score
• Jan 6, 2022 EPSS Score
• Feb 4, 2022 EPSS Score
• Apr 1, 2022 EPSS Score
• Mar 17, 2025 EPSS Score
• May 1, 2025 EPSS Score
• May 4, 2025 EPSS Score
• Jun 1, 2025 EPSS Score
• Jun 4, 2025 EPSS Score
• Jul 1, 2025 EPSS Score

References

• https://ubuntu.com/security/CVE-2019-3826 third-party-advisory
• https://github.com/prometheus/prometheus/pull/5163 third-party-advisory
• https://www.cve.org/CVERecord?id=CVE-2019-3826 third-party-advisory