Skip to content

Log4j Vulnerabilities #4

New issue
New issue
Open
Open
Log4j Vulnerabilities#4
@Diamond42474

Description

@Diamond42474
Diamond42474
opened on Jan 9, 2024

Description

Log4j v1.2.17 is linked to multiple >8 level CVEs (Common Vulnerabilities & Exposures). This could lead to leaked data or even arbitrary code execution.

Resolution

Update Log4j dependencies to latest version

Recommended: Use a tool like Snyk to automatically scan for vulnerable dependencies using GitHub Actions.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23305
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23302
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4104
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17571

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions