-
Veracode Software Composition Analysis
===============================
Attribute | Details
| --- | --- |
Library | Apache Log4j
Description | Apache Log4j 1.2
Language | JAVA
Vulnerabi…
-
Veracode Software Composition Analysis
===============================
Attribute | Details
| --- | --- |
Library | Apache Log4j
Description | Apache Log4j 1.2
Language | JAVA
Vulnerabi…
-
## CVE-2022-23302 - High Severity Vulnerability
Vulnerable Library - log4j-1.2.14.jar
Log4j
Library home page: http://logging.apache.org/log4j/
Path to dependency file: /modules/maven-plugin/pom.xml…
-
炸锅了啊!!!!!
-
2022年01月20日,PSIRT监测发现Apache官方 发布了Log4j(1.x版本)的风险通告,漏洞编号为CVE-2022-23302,CVE-2022-23305,CVE-2022-23307,对应的组件分别是:JMSSink、JDBCAppender、Chainsaw。漏洞等级:严重,漏洞评分:9.8。这几个漏洞仅影响Log4j 1.x版本,Log4j 2版本均不受影响。
-
1. CVE-2017-5645
2. CVE-2021-42550
3. CVE-2020-9488
It is especially important to detect CVE-2021-42550
Maybe in the documentation (readme) such a table will be useful
| Detect | CVE …
-
The organization I work with uses Nexus as a proxy for downloading installable artifacts and Sonartype Repository Firewall to scan those artifacts. It blocks [html5validator](https://pypi.org/project/…
-
**Vulnerabilities**
DepShield reports that this application's usage of [log4j:log4j:1.2.15](https://ossindex.sonatype.org/component/pkg:maven/log4j/log4j@1.2.15) results in the following vulnerabilit…
-
**Vulnerabilities**
DepShield reports that this application's usage of [log4j:log4j:1.2.17](https://ossindex.sonatype.org/component/pkg:maven/log4j/log4j@1.2.17) results in the following vulnerabilit…
-
In using `pinot-java-client : 1.0.0-hotfix` and `pinot-common : 1.0.0` and scanning the dependencies with Anchore the following CVEs were detected:
```
CVE-2022-39135+org.apache.calcite.avatica.av…