\uD83E\uDD14 Problem
A zero-day exploit has been found in the “Apache log4j” Java Component. The exploit allows remote code execution. This security issue is logged as “CVE-2021-44228”. It has the nickname “Log4Shell”.
...
NVD - CVE-2021-44228 (nist.gov)
Is PeopleSync affected?
\uD83C\uDF31 Solution
No. PeopleSync is not affected.
Product | Vulnerable | Reason |
|---|---|---|
PeopleSync Backend | No | The Backend is written in .net. We are not using log4j. For logging, we are using log4net, which is a port of log4j to the .net framework. Due to the absence of JNDI in .net, it is not possible to exploit Log4Shell in log4net. |
PeopleSync Frontend | No | The Frontend is written in PHP. We are not using log4j. |
PeopleSync Android App | No | There are no dependencies to log4j. |
\uD83D\uDCCE Related articles
| Filter by label (Content by label) | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|