leonrak Posted December 11, 2021 Share Posted December 11, 2021 https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ Quote Who is affected Log4j is a powerful Java based logging library maintained by the Apache Software Foundation. In all Log4j versions >= 2.0-beta9 and <= 2.14.1 JNDI features used in configuration, log messages, and parameters can be exploited by an attacker to perform remote code execution. Specifically, an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. Quote Link to comment Share on other sites More sharing options...
Tech Support Posted December 13, 2021 Share Posted December 13, 2021 Log4j is Java library, KVS is using PHP. We are not affected by this issue. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.