Source: www.docker.com

Apache Log4j 2 CVE-2021-44228

Category: Kubernetes, github

We know that many of you are working hard on fixing the new and serious Log4j 2 vulnerability https://nvd.nist.gov/vuln/detail/CVE-2021-44228, which has a 10.0 CVSS score. This vulnerability in Log4j 2, a very common Java logging library, allows remote code execution, often from a context that is easily available to an attacker.

The configuration for the docker scan command previously shipped in Docker Desktop versions 4.3.0 and earlier unfortunately does not pick up this vulnerability on scans.

docker scan elastic/logstash:7.13.3

or, to cut out all the other vulnerabilities:

docker scan elastic/logstash:7.13.3 | grep 'Arbitrary Code Execution'

A number of the Docker Official images do contain the vulnerable versions of Log4j 2.
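As an added check that is not Docker's own code, the script below complements docker scan: pointed at a directory (for example a container filesystem unpacked with docker export), it walks the tree and flags every log4j-core jar whose Maven metadata records a version below 2.15.0, the release that first disabled the JNDI lookup behind CVE-2021-44228. The jars built in demo() are constructed fixtures.

```python
# Added example, not Docker's own code: walk a directory tree (e.g. an exported
# image filesystem) and flag log4j-core jars affected by CVE-2021-44228.
import os
import re
import tempfile
import zipfile

# Maven metadata carried by log4j-core jars (shaded/fat jars may lack it).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# 2.15.0 was the first release to disable the JNDI lookup behind CVE-2021-44228.
FIXED_VERSION = (2, 15, 0)

def parse_version(ver):
    """Numeric tuple of '2.14.1'; a pre-release like 2.0-beta9 still sorts below 2.15.0."""
    nums = [int(x) for x in re.findall(r"\d+", ver)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def log4j_core_version(jar_path):
    """Return the log4j-core version recorded in the jar, or None if absent."""
    try:
        with zipfile.ZipFile(jar_path) as zf:
            if POM_PROPS not in zf.namelist():
                return None
            for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    except zipfile.BadZipFile:
        pass  # not a zip/jar at all
    return None

def find_vulnerable_log4j(root):
    """List (path, version) for each log4j-core jar under root older than 2.15.0."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                ver = log4j_core_version(path)
                if ver is not None and parse_version(ver) < FIXED_VERSION:
                    hits.append((path, ver))
    return hits

def demo():
    """Build constructed fixture jars (pom.properties only) and return the flagged versions."""
    d = tempfile.mkdtemp()
    for v in ("2.14.1", "2.15.0", "2.0-beta9"):
        with zipfile.ZipFile(os.path.join(d, f"log4j-core-{v}.jar"), "w") as zf:
            zf.writestr(POM_PROPS, f"version={v}\ngroupId=org.apache.logging.log4j\n")
    return sorted(v for _, v in find_vulnerable_log4j(d))
```

It reads the version from pom.properties, so shaded or repackaged log4j copies without that file are not seen, and the later 2.12.2 and 2.3.1 backport releases are still flagged, which errs on the safe side.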
