Posted to users@kafka.apache.org by Alexander Ortner <al...@arz.at> on 2021/02/10 19:57:33 UTC
Security: CVE-2019-17571 (log4j)
Hello everyone,
as this (https://issues.apache.org/jira/browse/KAFKA-9366) Jira issue
already mentions, all Kafka versions are currently affected by
CVE-2019-17571.
We would now need to know if there actually is a way of exploiting this
vulnerability and, if so, how it can be reproduced/tested.
Furthermore, should there be a way of exploitation, it would be great to
know what can be done to mitigate risk (e.g. sanitize messages, partially
disable logging, etc.).
Any ideas on the issue?
Thanks a lot in advance!
and kind regards
Alexander Ortner
ARZ Allgemeines Rechenzentrum GmbH
Online Banking Solutions