Query | CVE-2021-44228 impact #48
-
|
Hi, This is regarding the vulnerability identification in Apache Log4j - In our Product we use Owasp.CsrfGuard.js and Owasp.CsrfGuard.jar :so could you please confirm these libraries have any issue/risk? If it is impacted by CVE-2021-44228 then kindly suggest the remediation immediately. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
Hello, You can check the dependencies of the project using mvn dependency:tree -Dscope=compile. org.owasp:csrfguard:jar:4.1.2-SNAPSHOT +- javax.servlet:servlet-api:jar:2.5:provided +- org.owasp:csrfguard:jar:4.1.2-SNAPSHOT:compile +- org.owasp:csrfguard:jar:4.1.2-SNAPSHOT:compile |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the prompt response. Appreciated..!! |
Beta Was this translation helpful? Give feedback.
Hello,
CSFGuard doesn't use Log4j. So we are not impacted by this CVE.
You can check the dependencies of the project using mvn dependency:tree -Dscope=compile.
org.owasp:csrfguard:jar:4.1.2-SNAPSHOT
+- javax.servlet:servlet-api:jar:2.5:provided
+- org.apache.commons:commons-lang3:jar:3.12.0:compile
+- commons-io:commons-io:jar:2.8.0:compile
+- com.google.code.gson:gson:jar:2.8.6:compile
+- org.slf4j:slf4j-api:jar:1.7.31:compile
org.owasp:csrfguard-extension-session:jar:4.1.2-SNAPSHOT
+- org.owasp:csrfguard:jar:4.1.2-SNAPSHOT:compile
| +- org.apache.commons:commons-lang3:jar:3.12.0:compile
| +- commons-io:commons-io:jar:2.8.0:compile
| +- com.google.code.gson:gson:jar:2.8.6:compile
| - org…