Hi there, we are using Active MQ Artemis Version 2.17.0 - Are we affected of those CVE´s / Log4Shell? - How can we patch?
Thanks and Best Regards Benjamin Gesendet: Montag, 13. Dezember 2021 um 11:04 Uhr Von: "Jean-Baptiste Onofré" <j...@nanthrax.net> An: users@activemq.apache.org Betreff: Re: ActiveMQ 5.16 and log4j vulnerabilities My understanding is that CVE-2019-17571 only impact socket/JMS appender. "Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data." Regards JB On 13/12/2021 10:56, Vilius Šumskas wrote: > Hi, > > log4j 1.2 series are vulnerable to CVE-2019-17571 which has a CVSS score of > 9.8. This needs to be addressed too. >