[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [cross-project-issues-dev] log4j vulnerability in Eclipse?
|
Denis,
You can see the versions of log4j in the 2021-12 release here:
https://www.eclipse.org/downloads/download.php?format=xml&file=/releases/2021-12/202112081000&countryCode=us&timeZone=1&format=xml
These I think:
On 10.12.2021 20:11, Denis Roy wrote:
I guess I'm trying to determine if
there are any versions of Eclipse, Jetty, jGit, etc that are
vulnerable.
For instance, we use Gerrit 3.2.7,
which may contain a vulnerability.
Denis
On 2021-12-10 14:02, Matthew Khouzam
via cross-project-issues-dev wrote:
|
Apache
Log4j2 <=2.14.1 JNDI features used in
configuration, log messages, and parameters do not
protect against attacker controlled LDAP and other
JNDI related endpoints. An attacker who can
control log messages or log message parameters can
execute arbitrary code loaded from LDAP servers
when ...
nvd.nist.gov
|
It's for log4j2
between 2.0.0 and 2.14.1
_______________________________________________
cross-project-issues-dev mailing list
cross-project-issues-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://www.eclipse.org/mailman/listinfo/cross-project-issues-dev