You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We used the Log4 scanner from the GitHub project (https://github.com/hillu/local-log4j-vuln-scanner) to look for the Log4 vulnerabilities from December 2021. The scanner found a finding on the OneJar of PWM version 1.9.2.
Output from local-log4j-vuln-scanner: local-log4j-vuln-scanner.exe c:\PWM | grep "vulnerable component found"
indicator for vulnerable component found in c:\PWM\pwm-onejar-1.9.2.jar::embed.war::WEB-INF/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): SocketNode.class log4j 1.2.17 CVE-2019-17571
Is PWM affected by the Log4 vulnerabilities? If so, is an updated version already on the horizon?
The text was updated successfully, but these errors were encountered:
We used the Log4 scanner from the GitHub project (https://github.com/hillu/local-log4j-vuln-scanner) to look for the Log4 vulnerabilities from December 2021. The scanner found a finding on the OneJar of PWM version 1.9.2.
Output from local-log4j-vuln-scanner:
local-log4j-vuln-scanner.exe c:\PWM | grep "vulnerable component found"
indicator for vulnerable component found in c:\PWM\pwm-onejar-1.9.2.jar::embed.war::WEB-INF/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): SocketNode.class log4j 1.2.17 CVE-2019-17571
Is PWM affected by the Log4 vulnerabilities? If so, is an updated version already on the horizon?
The text was updated successfully, but these errors were encountered: