You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2022/01/19 14:06:00 UTC

[jira] [Commented] (GUACAMOLE-1506) New CVE

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17478696#comment-17478696 ] 

Mike Jumper commented on GUACAMOLE-1506:
----------------------------------------

They do not. Apache Guacamole does not use Log4j.

https://guacamole.apache.org/security/#not-affected-by-cve-2021-44228

> New CVE
> -------
>
>                 Key: GUACAMOLE-1506
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1506
>             Project: Guacamole
>          Issue Type: Task
>            Reporter: Simon Jung
>            Priority: Critical
>
> Hello,
> can you please comment about the flaws CVE-2022-23302, CVE-2022-23305, CVE-2022-23307 which were made public today and which might affect Guacamole:
>  - https://seclists.org/oss-sec/2022/q1/50 (Severity: High)
>  - https://seclists.org/oss-sec/2022/q1/51 (Severity: High)
>  - https://seclists.org/oss-sec/2022/q1/52 (Severity: Critical)
> Thank you.
> Kind regards
> Simon



--
This message was sent by Atlassian Jira
(v8.20.1#820001)