Log4J vulnerability? #2024
-
|
Anyone has evaluated GRASS for log4j vulnerability - even its written in C - sometimes it has some knock-on effects ? |
Beta Was this translation helpful? Give feedback.
Replies: 3 comments 2 replies
-
|
We are not aware of any connection to the log4j vulnerability. Do you have any indication? |
Beta Was this translation helpful? Give feedback.
-
|
We had a case where in another software a plugin brought in an elastic instance - no further comments on that. Just wondering if anyone has done a full scan. |
Beta Was this translation helpful? Give feedback.
-
|
In Elastic make sense because it is written in Java, I think GRASS should not be affected. |
Beta Was this translation helpful? Give feedback.
-
|
Elastic is one example - it applies for any JAVA based third party module integrated. I don't have the full overview of all possible extensions/plug-ins which GRASS might have, otherwise I could investigate myself. |
Beta Was this translation helpful? Give feedback.
-
|
There is no Java or Log4J in the source code:
I don't know how to find transitive dependencies for platform-dependent C and C++ libraries, so feel encouraged to contribute in this area. The code is scanned with GitHub CodeQL which now includes Log4j CVE-2021-44228 (Remote code injection in Log4j) in question (PRs 7423 and 7354). |
Beta Was this translation helpful? Give feedback.
There is no Java or Log4J in the source code:
I don't know how to find transitive dependencies for platform-dependent C and C++ libraries, so feel encouraged to contribute in this area.
The code is scanned with GitHub CodeQL which now includes Log4j CVE-2021-44228 (Remote code injection in Log4j) in question (PRs 7423 and 7354).