openrasp

This change will fix CVE-2019-17571 and all log4shell issues

Open zg2pro opened this issue 1 year ago • 2 comments

This change will fix CVE-2019-17571 and all log4shell issues

zg2pro avatar Oct 09 '23 07:10 zg2pro

Just to clarify, SocketServer is not used anywhere in this project thus it's a not-exploitable status.

CaledoniaProject avatar Oct 09 '23 08:10 CaledoniaProject

Just to clarify, SocketServer is not used anywhere in this project thus it's a not-exploitable status.

Hi. Log4shell issues may be false positives in openrasp; however, any SCA tool will raise a blocker when log4j v1 is found in dependencies. These SCA blockers may prevent companies from using openrasp, whereas log4j v1 is today easily replaceable.

zg2pro avatar Oct 09 '23 08:10 zg2pro