h2oai / wave-apps

Sample AI Apps built with H2O Wave.
MIT License

log4j vulnerability #90

Closed arpitmailgun closed 2 years ago

arpitmailgun commented 2 years ago

I used log4j detector to check the vulnerable apps in my system and found out that wave-apps is using an old version of log4j which is vulnerable.

Output- wave-apps/churn-risk/venv/lib/python3.7/site-packages/h2o/backend/bin/h2o.jar contains Log4J-1.x <= 1.2.17 _OLD_

mtanco commented 2 years ago

Thank you for the notification! This component, H2O-3, has been updated to not use the vulnerable version of log4j; we will ensure it is updated in these example apps.

VijithaEkanayake-zz commented 2 years ago

Fixed with https://github.com/h2oai/wave-apps/pull/92
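
An added example, not part of the issue thread or the wave-apps project and not the detector the reporter ran: a minimal Python check that looks inside jars shipped in a virtualenv (such as the `h2o.jar` path in the report) for bundled Log4j entries, including jars nested in other jars. It assumes unrelocated class paths and that the jar keeps Log4j's Maven `pom.properties`; otherwise the version is reported as `unknown`. The sample jar is constructed for illustration.

```python
import io
import zipfile
from pathlib import Path

# Entry names that identify each Log4j generation inside a (possibly fat) jar.
LOG4J1_CLASS = "org/apache/log4j/Logger.class"
LOG4J1_JMS = "org/apache/log4j/net/JMSAppender.class"  # class behind CVE-2021-4104
LOG4J1_POM = "META-INF/maven/log4j/log4j/pom.properties"
LOG4J2_JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def inspect_jar(data, label):
    """Return (label, generation, version, flagged_class_present) tuples for one jar."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    findings = []
    with zf:
        names = set(zf.namelist())
        if LOG4J1_CLASS in names:
            version = "unknown"
            if LOG4J1_POM in names:
                for line in zf.read(LOG4J1_POM).decode("utf-8", "replace").splitlines():
                    if line.startswith("version="):
                        version = line.split("=", 1)[1].strip()
            findings.append((label, "1.x", version, LOG4J1_JMS in names))
        if LOG4J2_JNDI in names:  # presence only; patched 2.x releases still ship it
            findings.append((label, "2.x", "unknown", True))
        for name in sorted(names):
            if name.endswith(".jar"):  # jar bundled inside another jar
                findings += inspect_jar(zf.read(name), f"{label}!{name}")
    return findings

def scan_tree(root):
    """Inspect every .jar under root, e.g. a virtualenv's site-packages."""
    findings = []
    for path in sorted(Path(root).rglob("*.jar")):
        findings += inspect_jar(path.read_bytes(), str(path))
    return findings

def build_sample_jar():
    """Constructed input: a fat jar carrying Log4j 1.2.17 entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(LOG4J1_CLASS, b"")
        zf.writestr(LOG4J1_JMS, b"")
        zf.writestr(LOG4J1_POM, "groupId=log4j\nartifactId=log4j\nversion=1.2.17\n")
    return buf.getvalue()

if __name__ == "__main__":
    print(inspect_jar(build_sample_jar(), "sample.jar"))
```

A finding means the library is bundled, not that the application reaches the flagged class; jars that relocate Log4j under another package name will not match these entry names.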