Thanks, Indhumathi. These analysis info would be very helpful for us. Regards Liang
On 2021/12/30 12:31:12 Indhumathi M wrote: > Hello all, this discussion is related to a Log4j2 vulnerability. > > As you may be aware, there has been a critical vulnerability in Log4j2, the > Java Logging Library, > > that could result in Remote Code Execution (RCE) if an affected version of > log4j (2.0 <= log4j <= 2.15.0) > > logs an attacker-controlled string value without proper validation. Please > see more details on CVE-2021-44228 > <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228>. > > We currently believe that the Apache CarbonData platform is not impacted. > Apache CarbonData does not > > directly use a version of log4j known to be affected by the vulnerability. > We have reviewed the code and > > run the vulnerability tool, as per the tool report, these three > vulnerabilities (CVE-2021-44228, > > CVE-2021-45046,CVE-2021-45105) are not identified. > > > Regards, > > Indhumathi M >