-
2022年01月20日,PSIRT监测发现Apache官方 发布了Log4j(1.x版本)的风险通告,漏洞编号为CVE-2022-23302,CVE-2022-23305,CVE-2022-23307,对应的组件分别是:JMSSink、JDBCAppender、Chainsaw。漏洞等级:严重,漏洞评分:9.8。这几个漏洞仅影响Log4j 1.x版本,Log4j 2版本均不受影响。
-
## CVE-2022-23305 - High Severity Vulnerability
Vulnerable Library - log4j-1.2.13.jar
Log4j
Library home page: http://logging.apache.org/log4j/
Path to dependency file: /tmp/ws-scm/Java-Demo/pom.xml…
-
Vulnerable Library - slf4j-log4j12-1.5.0.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.13/log4j-1.2.13.jar
Found in HEAD comm…
-
炸锅了啊!!!!!
-
Vulnerable Library - log4j-1.2.15.jar
Apache Log4j 1.2
Library home page: http://logging.apache.org:80/log4j/1.2/
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/…
-
Vulnerable Library - log4j-1.2.17.jar
Apache Log4j 1.2
Library home page: http://logging.apache.org/log4j/1.2/
Path to dependency file: /spring-cloud-alibaba-examples/seata-example/storage-service/p…
-
Is couchdb-lucene affected by any of the following vulnerabilities reported against log4j. And what are plans to fix them?
CVE-2022-23307 CVE-2021-44228 CVE-2021-45046 CVE-2021-4104 CVE-2019-17571 …
-
Vulnerable Library - slf4j-log4j12-1.5.0.jar
Path to dependency file: /pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/log4j/log4j/1.2.13/log4j-1.2.13.jar
Found in HEAD comm…
-
The new version 1.0rc1-rc2
have a lower number of vulnerabilities 3-4 in the fallowing jar files
rc1
org.apache.hadoop_hadoop-common version 2.10.2 has 1 vulnerability
org.apache.hadoop_hadoop-co…
-
**What would you like to be added**:
Some way to ignore Java test dependencies like this vulnerable-legacy log4j:
```xml
log4j
log4j
1.2.17
test
```
**Why is this nee…