Posted to jira@kafka.apache.org by "Rajendra (Jira)" <ji...@apache.org> on 2021/12/12 03:39:00 UTC

[jira] [Created] (KAFKA-13537) Will kafka_2.12-2.3.0 version be impacted by new zero-day exploit going on since last Friday?

Rajendra created KAFKA-13537:
--------------------------------

             Summary: Will kafka_2.12-2.3.0 version be impacted by new zero-day exploit going on since last Friday?
                 Key: KAFKA-13537
                 URL: https://issues.apache.org/jira/browse/KAFKA-13537
             Project: Kafka
          Issue Type: Bug
         Environment: All
            Reporter: Rajendra


h3. A new zero-day exploit has been reported against the popular Log4J2 library which can allow an attacker to remotely execute code.
h3. Affected Software

A significant number of Java-based applications are using log4j as their logging utility and are vulnerable to this CVE. To the best of our knowledge, at least the following software may be impacted:
 * Apache Struts
 * Apache Solr
 * Apache Druid
 * Apache Flink
 * ElasticSearch
 * Flume
 * Apache Dubbo
 * Logstash
 * Kafka
 * Spring-Boot-starter-log4j2

Wondering if kafka_2.12-2.3.0 is impacted. I see the libraries below.

kafka-log4j-appender-2.3.0.jar  log4j-1.2.17.jar  scala-logging_2.12-3.9.0.jar  slf4j-log4j12-1.7.26.jar

--
This message was sent by Atlassian Jira
(v8.20.1#820001)