Posted to users@kafka.apache.org by Alexander Ortner <al...@arz.at> on 2021/02/10 19:57:33 UTC

Security: CVE-2019-17571 (log4j)

Hello everyone,

as this (https://issues.apache.org/jira/browse/KAFKA-9366) Jira issue
already mentions, all Kafka versions are currently affected by
CVE-2019-17571.

We would now need to know if there actually is a way of exploiting this 
vulnerability and, if so, how it can be reproduced/tested.

Furthermore, should there be a way of exploitation, it would be great to
know what can be done to mitigate risk (e.g. sanitize messages, partially
disable logging, etc.).

Any ideas on the issue?

Thanks a lot in advance!
and kind regards

Alexander Ortner 
ARZ Allgemeines Rechenzentrum GmbH 
Online Banking Solutions