logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
Apache License 2.0
852 stars 173 forks source link

What does mitigated mean? #166

Closed dkordyban closed 2 years ago

dkordyban commented 2 years ago

Does it remove JNDI feature all together or just remove the ability for log4j to call out to external servers via LDAP, RMI, HTTP?

AlexMilotin commented 2 years ago

It is written in the README.MD (mitigated) tag will be displayed if org/apache/logging/log4j/core/lookup/JndiLookup.class entry is removed from JAR file.

dkordyban commented 2 years ago

My apologies, I posted before I read the readme.md file.

On Mon, Dec 20, 2021, 6:04 AM AlexMilotin @.***> wrote:

It is written in the README.MD https://github.com/logpresso/CVE-2021-44228-Scanner/blob/main/README.md (mitigated) tag will be displayed if org/apache/logging/log4j/core/lookup/JndiLookup.class entry is removed from JAR file.

— Reply to this email directly, view it on GitHub https://github.com/logpresso/CVE-2021-44228-Scanner/issues/166#issuecomment-997821708, or unsubscribe https://github.com/notifications/unsubscribe-auth/AF6JG4NTHCADZBY6SWQQ623UR4EVRANCNFSM5KNMBZIA . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

You are receiving this because you authored the thread.Message ID: @.***>