https://issues.apache.org/bugzilla/show_bug.cgi?id=57291
Bug ID: 57291
Summary: Veracode scan detected OS command injection
vulnerability in Log4j.jar - JDBCAppender.java:178
Product: Log4j
Version: 1.2
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Appender
Assignee: [email protected]
Reporter: [email protected]
Log4j is embedded in EMC Corporation's DFS 6.7SP1.
We performed a Veracode scan for DFS 6.7SP1 and the scan reported that code in
Log4j.jar - JDBCAppender.java:178 (no further details) is POSSIBLY vulnerable
to SQL injection attacks.
Log4j version: 1.2.13
Need update on this from Apache side.
Is it really vulnerable? If yes, is it fixed in some future version?