You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Jun 30, 2023. It is now read-only.
The log4j scanner does not seem to catch log4j-1.2.12.jar ( which is obviously vulnerable )
There is this other scanner that i used, was able to accurately mark this version of log4j jar as vulnerable
Scanner Used: https://github.com/hillu/local-log4j-vuln-scanner/releases/tag/v0.13
./local-log4j-vuln-scanner.macosx --quiet /Users/hillu-log4j-scanner-test/
Checking for vulnerabilities: CVE-2019-17571, CVE-2021-44228, CVE-2021-45105
indicator for vulnerable component found in /Users/hillu-log4j-scanner-test/log4j-1.2.12.jar (org/apache/log4j/net/SocketNode.class): SocketNode.class log4j 1.2.12 CVE-2019-17571
Would it be possible to fix the scanner to catch this log4j/ any version that is less than 2.17.0 ?