karma-runner / karma

Spectacular Test Runner for JavaScript
http://karma-runner.github.io
MIT License
11.95k stars 1.71k forks

Log4js security vulnerability? #3732

Closed toobzmd closed 2 years ago

toobzmd commented 2 years ago

Does the recent log4j zero-day vulnerability affect Karma? Karma has a dependency on the log4js package, which is a port of log4j.

Link to Apache security page: https://logging.apache.org/log4j/2.x/security.html

devoto13 commented 2 years ago

No, log4js is not affected because it does not implement the problematic functionality. See https://github.com/log4js-node/log4js-node/issues/1105#issuecomment-991957807. Consequently, karma is not affected either.