Closed stevenolen closed 2 years ago
Mitigation step per https://access.redhat.com/security/cve/CVE-2021-4104:
zip -q -d lib/log4j-*.jar org/apache/log4j/net/JMSAppender.class
ohmage does not appear to use JMSAppender, and so is likely not exploitable, but removing this class should mitigate the vulnerability were it possible.
Mitigation step per https://access.redhat.com/security/cve/CVE-2021-4104:
ohmage does not appear to use JMSAppender, and so is likely not exploitable, but removing this class should mitigate the vulnerability were it possible.