implemented scanning for Spring CVEs CVE-2022-22963 and CVE-2022-22965.

logpresso / CVE-2021-44228-Scanner

Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228

Apache License 2.0

852 stars 173 forks source link

implemented scanning for Spring CVEs CVE-2022-22963 and CVE-2022-22965. #286

Open arathai opened 2 years ago

arathai commented 2 years ago

Hi,

we were pretty happy with the way how the logpresso scanner scans for Log4J 1/2 and logback, we thought we just enhance it for scanning for the Spring4Shell vulnerabilities and give back because it's already part of our continuous inventory framework.

Best Regards, Alex

xeraph commented 2 years ago

@arathai Thank you for your contribution :D BTW, there are too many diff due to code convention changes. Would you revert that and minimize changes?

arathai commented 2 years ago

@arathai Thank you for your contribution :D BTW, there are too many diff due to code convention changes. Would you revert that and minimize changes?

Thanks and done!

nickPietrass commented 2 years ago

Hey, is this going to be merged to main? Would love to expand on the changes. tyvm, Nick