-
We have recently observed an issue where DependencyCheck reported many CVEs after upgraded from Java8 to Java17 and renamed a JAR file to "**utaruntime-2.0.0-bld13.0.80.jar**".
The following test w…
-
## CVE-2021-45105 - Medium Severity Vulnerability
Vulnerable Library - log4j-core-2.11.2.jar
The Apache Log4j Implementation
Library home page: https://www.apache.org/
Path to dependency file: /pack…
-
This has been a topic of discussion before, but as the number of CVEs has increased I wanted to ask clarity on the meaning of "MITIGATED". Taking an example JSON file report from Logpresso-Log4jscan-…
-
Vulnerable Library - spring-boot-starter-log4j2-2.6.1.jar
Path to dependency file: /devops-github-packages-library/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-…
-
Gradle allows to define a reason for dependency constraints like this:
```kotlin
dependencies {
constraints {
api("org.apache.logging.log4j: core") {
version {
…
-
Hello, is it possible to generate a new version for audit-log plugin which uses log4j v2.17.1 because of this CVE: [CVE-2021-45105](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105) ?
-
Hi,
Could you please confirm whether Log4Shell Scanner Burpsuite Pro Addon is capable to identify log4j vulnerabilities of CVE-2021-44832, CVE-2021-45105 & CVE-2021-45046.
Thanks
Saleem Chouda…
-
## CVE-2021-45105 - Medium Severity Vulnerability
Vulnerable Library - log4j-core-2.12.1.jar
Library home page: http://archive.apache.org/dist/flink/flink-1.11.0/python/apache-flink-1.11.0.tar.gz
P…
-
New CVEs in log4j
- https://logging.apache.org/log4j/2.x/security.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4504…
-
When I try to scan locally built Docker images with the Docker Scout _GUI_, then I get a security report.
However, when I use the Docker Scout CLI, then it crashes with a strange error trace. I think…