bugfix: 修复log4j1.x配置代码执行漏洞(CVE-2021-4104) #1756
Assignees
Labels
Comments
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Feb 22, 2023
jsonwan
added a commit
that referenced
this issue
Feb 22, 2023
bugfix: 修复log4j1.x配置代码执行漏洞(CVE-2021-4104) #1756
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Feb 22, 2023
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Feb 22, 2023
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Feb 23, 2023
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Feb 23, 2023
jsonwan
added a commit
that referenced
this issue
Feb 23, 2023
bugfix: 修复log4j1.x配置代码执行漏洞(CVE-2021-4104) #1756
jsonwan
added a commit
that referenced
this issue
Feb 28, 2023
bugfix: 修复log4j1.x配置代码执行漏洞(CVE-2021-4104) #1756
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Mar 2, 2023
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Mar 3, 2023
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Mar 3, 2023
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Mar 3, 2023
liuliaozhong
added a commit
to liuliaozhong/bk-job
that referenced
this issue
Mar 3, 2023
jsonwan
added a commit
that referenced
this issue
Mar 3, 2023
bugfix: 修复log4j1.x配置代码执行漏洞(CVE-2021-4104) #1756
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
出了什么问题?(What Happened?)
log4j1.x配置代码执行漏洞(CVE-2021-4104)
如何复现?(How to reproduce?)
job-execute.jar包存在类库log4j-1.2.17.jar。
job使用logback组件管理日志,log4j是curator-framework:5.1.0依赖进来的,但是直接删除会报错。可以升级到最新版,最新版没使用log4j
预期结果(What you expect?)
jar不含log4j-1.2.17.jar
The text was updated successfully, but these errors were encountered: