You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2022/01/19 14:06:00 UTC
[jira] [Commented] (GUACAMOLE-1506) New CVE
[ https://issues.apache.org/jira/browse/GUACAMOLE-1506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17478696#comment-17478696 ]
Mike Jumper commented on GUACAMOLE-1506:
----------------------------------------
They do not. Apache Guacamole does not use Log4j.
https://guacamole.apache.org/security/#not-affected-by-cve-2021-44228
> New CVE
> -------
>
> Key: GUACAMOLE-1506
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1506
> Project: Guacamole
> Issue Type: Task
> Reporter: Simon Jung
> Priority: Critical
>
> Hello,
> can you please comment about the flaws CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which were made public today and which might affect Guacamole:
> - https://seclists.org/oss-sec/2022/q1/50 (Severity: High)
> - https://seclists.org/oss-sec/2022/q1/51 (Severity: High)
> - https://seclists.org/oss-sec/2022/q1/52 (Severity: Critical)
> Thank you.
> Kind regards
> Simon
--
This message was sent by Atlassian Jira
(v8.20.1#820001)