NoSQL Database

Announcement

Testing banner

log4j.jar vulnerability in kvstore/lib binaries

Adrian Godoy FerroJan 11 2022

Hi all,
recently I run the local-log4j-vuln-scanner on my NoSQL machines kvstore installation and fount this vulnerability exposed.
Checking for vulnerabilities: CVE-2019-17571, CVE-2021-44228, CVE-2021-45105
indicator for vulnerable component found in /oracle/<DBNAME>/kv-<VERSION>/lib/log4j.jar (org/apache/log4j/net/SocketNode.class): SocketNode.class log4j 1.2.17 CVE-2019-17571
do we have some fix for this vulnerability or some workaround ?
Thank you in advance
Adrian

This post has been answered by userBDBDMS-Oracle on Jan 13 2022

Jump to Answer

Added on Jan 11 2022

#nosql-database-discussions

3 comments

62 views