You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Azkaban use log4j 1.2.16 version (which is oldest) and in this version vulnerability is kind of CVE-2021-44228.
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
With this task log4j version should be the 2.15.0.
If its ok, I'm willing to upgrade version.
The text was updated successfully, but these errors were encountered:
Azkaban use log4j 1.2.16 version (which is oldest) and in this version vulnerability is kind of CVE-2021-44228.
Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions up to 1.2 up to 1.2.17.
With this task log4j version should be the 2.15.0.
If its ok, I'm willing to upgrade version.
The text was updated successfully, but these errors were encountered: