logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0

New Vulnerability #163

Closed theCamelCaser closed 2 years ago

theCamelCaser commented 2 years ago

Hi,

With the new 2.16 issues, shouldn't the checked version be increased to

old:


    private boolean isVulnerable(int major, int minor, int patch) {
        return major == 2 && (minor < 14 || (minor == 14 && patch <= 1));
    }

new:


    private boolean isVulnerable(int major, int minor, int patch) {
        return major == 2 && (minor < 16 || (minor == 14 && patch <= 1) || (minor == 13 && patch <= 3));
    }
xeraph commented 2 years ago

@NineOfSeven v2.3.6 treats all log4j2 versions under 2.17 as vulnerable.

I can't understand what you are saying.
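For reference, the check xeraph describes (every log4j2 2.x release below 2.17 is flagged) can be written as a single range comparison instead of the per-minor clauses proposed above. The following is an added example and not the scanner's own code; the class name, the regex-based version parser and the sample version strings are assumptions made here for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not logpresso's code: treat every log4j2 2.x below 2.17.0 as
// vulnerable, the behaviour described for v2.3.6 in the thread above.
public class Log4j2VersionCheck {
    // Leading numeric components of a version string. Qualifiers such as
    // "-beta9" or "-rc1" are ignored for the range comparison (assumption).
    private static final Pattern VERSION =
            Pattern.compile("^(\\d+)(?:\\.(\\d+))?(?:\\.(\\d+))?");

    /** Returns true for 2.x below 2.17.0. Other major versions are out of scope here. */
    static boolean isVulnerable(int major, int minor, int patch) {
        return major == 2 && minor < 17;
    }

    /**
     * Parses a version string and applies the check. Input that does not start
     * with a numeric version cannot be proven fixed, so it is flagged (fail closed).
     */
    static boolean isVulnerable(String version) {
        Matcher m = VERSION.matcher(version.trim());
        if (!m.find()) {
            return true;
        }
        int major = Integer.parseInt(m.group(1));
        int minor = m.group(2) == null ? 0 : Integer.parseInt(m.group(2));
        int patch = m.group(3) == null ? 0 : Integer.parseInt(m.group(3));
        return isVulnerable(major, minor, patch);
    }

    public static void main(String[] args) {
        // Constructed sample inputs for the demonstration.
        String[] samples = {"2.14.1", "2.15.0", "2.16.0", "2.17.0", "2.0-beta9", "2.12.2", "1.2.17", "unknown"};
        for (String v : samples) {
            System.out.printf("log4j2 %-10s -> %s%n", v, isVulnerable(v) ? "VULNERABLE" : "ok");
        }
    }
}
```

Because the rule keys only on the minor version, a 2.12.x or 2.3.x build is flagged just like 2.14.1 and 2.16.0, which is exactly the "all under 2.17" behaviour stated above; the check says nothing about log4j 1.x, which is a different code base and needs a separate rule.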