https://bz.apache.org/bugzilla/show_bug.cgi?id=65753
Bug ID: 65753
Summary: Log4Shell vulnerability
Product: JMeter
Version: 5.4.1
Hardware: PC
Status: NEW
Severity: critical
Priority: P2
Component: Main
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: JMETER_5.5
A vulnerability in Apache Log4j, a widely used logging package for Java, has
been found. The vulnerability, which can allow an attacker to execute arbitrary
code by sending crafted log messages, has been identified as CVE-2021-44228 and
given the name Log4Shell.
JMeter internally uses log4j, which has a vulnerability according to the links below.
It looks like versions starting from 5.3 have this issue
(https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)
https://logging.apache.org/log4j/2.x/security.html
https://www.trendmicro.com/en_us/research/21/l/patch-now-apache-log4j-vulnerability-called-log4shell-being-acti.html
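To check an installation for the log4j-core versions covered by CVE-2021-44228, the following is an added example, not code from this bug report or from the JMeter project. It assumes jars keep the standard `log4j-core-<version>.jar` file name and that the directory to scan (default `lib`, an assumption) is passed as the first argument; the affected range and the `JndiLookup` class check follow the Apache Log4j security page linked above.

```python
import re
import zipfile
from pathlib import Path

# Class whose removal from the jar was a documented mitigation for CVE-2021-44228.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?.*\.jar$")

def in_affected_range(version):
    """CVE-2021-44228 range for log4j-core: 2.0-beta9 through 2.14.1,
    minus the backport fix releases 2.3.1+ (2.3.x) and 2.12.2+ (2.12.x).
    Simplification: every 2.0 pre-release is flagged (conservative)."""
    major, minor, patch = version
    if major != 2 or (minor, patch) > (14, 1):
        return False
    if minor == 3 and patch >= 1:
        return False
    if minor == 12 and patch >= 2:
        return False
    return True

def scan(lib_dir):
    """Return [(jar name, version tuple, status)] for each log4j-core jar found."""
    findings = []
    for jar in sorted(Path(lib_dir).rglob("log4j-core-*.jar")):
        m = JAR_RE.match(jar.name)
        if not m:
            continue
        version = (int(m[1]), int(m[2]), int(m[3] or 0))
        with zipfile.ZipFile(jar) as zf:
            has_jndi = JNDI_CLASS in zf.namelist()
        if not in_affected_range(version):
            status = "not in affected range"
        elif has_jndi:
            status = "VULNERABLE"
        else:
            status = "affected version, JndiLookup class removed"
        findings.append((jar.name, version, status))
    return findings

if __name__ == "__main__":
    import sys
    for name, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "lib"):
        print(f"{name}: {status}")
```

The version is read from the file name only, so a renamed or shaded jar will not be matched and needs a separate check.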