Posted to jira@kafka.apache.org by "Rajendra (Jira)" <ji...@apache.org> on 2021/12/12 03:39:00 UTC
[jira] [Created] (KAFKA-13537) Will kafka_2.12-2.3.0 version be impacted by new zero-day exploit going on since last Friday?
Rajendra created KAFKA-13537:
--------------------------------
Summary: Will kafka_2.12-2.3.0 version be impacted by new zero-day exploit going on since last Friday?
Key: KAFKA-13537
URL: https://issues.apache.org/jira/browse/KAFKA-13537
Project: Kafka
Issue Type: Bug
Environment: All
Reporter: Rajendra
h3. A new zero-day exploit has been reported against the popular Log4J2 library which can allow an attacker to remotely execute code.
h3. Affected Software
A significant number of Java-based applications are using log4j as their logging utility and are vulnerable to this CVE. To the best of our knowledge, at least the following software may be impacted:
* Apache Struts
* Apache Solr
* Apache Druid
* Apache Flink
* ElasticSearch
* Flume
* Apache Dubbo
* Logstash
* Kafka
* Spring-Boot-starter-log4j2
Wondering if kafka_2.12-2.3.0 is impacted. I see the libraries below.
* kafka-log4j-appender-2.3.0.jar
* log4j-1.2.17.jar
* scala-logging_2.12-3.9.0.jar
* slf4j-log4j12-1.7.26.jar
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
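
Added example (not part of the original report or of Kafka's code): the report concerns Log4J2 while the listed jars carry log4j 1.x names, so a useful triage step is to inspect jar contents rather than filenames and record which log4j lineage each jar bundles, including jars nested inside fat jars. The package-path markers, the helpers `classify_jar` and `make_jar`, the `example-app.jar` fat jar, and all sample jar contents are assumptions constructed for illustration.

```python
import io
import zipfile

# Package paths that identify each library's own classes inside a jar.
MARKERS = {
    "log4j2-core": "org/apache/logging/log4j/core/",  # Log4j 2 implementation
    "log4j1": "org/apache/log4j/",                    # Log4j 1.x
}

def classify_jar(data, name, depth=0, max_depth=3):
    """Map each jar (including nested ones) to the log4j lineages it bundles."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return {name: {"unreadable"}}
    found = {}
    kinds = set()
    with zf:
        for entry in zf.namelist():
            if entry.endswith(".class"):
                kinds.update(k for k, p in MARKERS.items() if p in entry)
            elif entry.lower().endswith((".jar", ".war")) and depth < max_depth:
                nested = f"{name}!/{entry}"
                found.update(classify_jar(zf.read(entry), nested, depth + 1, max_depth))
    found[name] = kinds
    return found

def make_jar(entries):
    """Build an in-memory jar from {entry name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, body in entries.items():
            zf.writestr(entry, body)
    return buf.getvalue()

def demo():
    # Constructed stand-ins: jar names from the report, placeholder contents.
    samples = {
        "log4j-1.2.17.jar": make_jar({"org/apache/log4j/Logger.class": b""}),
        "kafka-log4j-appender-2.3.0.jar": make_jar(
            {"org/apache/kafka/log4jappender/KafkaLog4jAppender.class": b""}),
        # Hypothetical fat jar with a nested Log4j 2 core jar (placeholder version).
        "example-app.jar": make_jar({"BOOT-INF/lib/log4j-core-X.Y.Z.jar": make_jar(
            {"org/apache/logging/log4j/core/Logger.class": b""})}),
    }
    report = {}
    for name, data in samples.items():
        report.update(classify_jar(data, name))
    return report
```

To scan a real installation, pass each jar's bytes from the Kafka `libs` directory to `classify_jar`; shaded jars that relocate packages will not match these markers and need a separate check.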