Forum Stats

  • 3,783,687 Users
  • 2,254,820 Discussions
  • 7,880,516 Comments

Discussions

log4j.jar vulnerability in kvstore/lib binaries

Hi all,

recently I run the local-log4j-vuln-scanner on my NoSQL machines kvstore installation and fount this vulnerability exposed.

Checking for vulnerabilities: CVE-2019-17571, CVE-2021-44228, CVE-2021-45105

indicator for vulnerable component found in /oracle/<DBNAME>/kv-<VERSION>/lib/log4j.jar (org/apache/log4j/net/SocketNode.class): SocketNode.class log4j 1.2.17 CVE-2019-17571

do we have some fix for this vulnerability or some workaround ?

Thank you in advance

Adrian

Best Answer

Answers