mondrian Check whether the log4j1 vulnerability is involved in mondrian 8.2.0.5: CVE-2022-23302/23305/23307

Check whether the log4j1 vulnerability is involved in mondrian 8.2.0.5: CVE-2022-23302/23305/23307

Open powercomsmt opened this issue 2 years ago • 0 comments

On January 20, 2022, the PSIRT found that Apache officially released a risk notice for Log4j (version 1.x). The vulnerability ID is CVE-2022-23302,CVE-2022-23305,CVE-2022-23307. The corresponding components are JMSSink, JDBCAppender, and Chainsaw. Vulnerability Level: Major; Vulnerability Score: 9.8. These vulnerabilities affect only Log4j 1.x. Log4j 2 is not affected. Mondrian 8.2.0.5 uses log4j 1.2.14. Are these vulnerabilities involved?

Jan 24 '22 02:01 powercomsmt

mondrian mondrian copied to clipboard

Check whether the log4j1 vulnerability is involved in mondrian 8.2.0.5: CVE-2022-23302/23305/23307

mondrian
mondrian copied to clipboard