kelseyhightower / nocode

The best way to write secure and reliable applications. Write nothing; deploy nowhere.
Apache License 2.0
60.38k stars 4.71k forks

Adapt nocode for Apache Log4j 2 vulnerability #4738

Open AlfonsoFR2020 opened 2 years ago

AlfonsoFR2020 commented 2 years ago

As many of you know, on 9 December 2021, Apache disclosed via GitHub that the Log4j 2 utility contains a critical vulnerability that allows unauthenticated remote code execution, a serious issue that impacts a large number of applications. Therefore, nocode should be adapted to deal with this 0-day issue that was aired 4 days ago.

Recommendations:

To secure your code against this vulnerability, upgrade your library to the newest version. If you are unable to update your library, add the following in /dev/null: ""

You are welcome.

quackduck commented 2 years ago

Thanks for reporting this issue! The nocode devs take possible vulnerability issues very seriously.

mohsiniscoding commented 2 years ago

On it!

obfuscatedgenerated commented 2 years ago

I added this line:

This should suppress JNDI and therefore mitigate the vulnerability.