log4j-detector
A public open-source tool: a Log4J scanner that detects vulnerable Log4J versions (CVE-2021-44228, CVE-2021-45046, etc.) on your file system within any application. It is even able to find Log4J instan...
Currently a clean system will report an empty output file. Could you add _SAFE_ within the output if no log4j has been found? That would make it easier for central...
1. Canonicalize paths in --exclude array
2. Add para dump, mainly for troubleshooting in Windows (without this I will not be able to come out with the exclude argument below...
Hello, After trying multiple different options, the --exclude example in the README should read:
```
Example: --exclude='["/dev", "/media", "Z:\TEMP"]'
```
I removed the "s" from exclude and added single ticks...
Current output for log4j 2.x findings without JndiLookup.class is: `_POTENTIALLY_SAFE_ (Did you remove JndiLookup.class?)_` I think `_POTENTIALLY_SAFE_` is not correct any longer because log4j 2.x without JndiLookup.class is only `_POTENTIALLY_OKAY_`,...
Another one in few days, to fix https://nvd.nist.gov/vuln/detail/CVE-2021-44832:
- https://logging.apache.org/log4j/2.x/security.html

Current list:
- CVE-2021-4104
- CVE-2021-44228
- CVE-2021-44832
- CVE-2021-45046
- CVE-2021-45105

Note that there is a logback CVE too:...
Separating and path fields.
Feel free to squash.
Hi everyone, First of all thank you for the great project. This is actually not an issue of log4j-detector but rather a Java bug - however I would like to...