https://www.cvedetails.com/vulnerability-list.php?vendor_id=45&product_id=7281&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=2&sha=f70b070c708ceeabfdce6d62f53aef9c82924571
-- Sent from Canary (https://canarymail.io)

> On Wednesday, Dec 15, 2021 at 5:15 PM, Dahlia Trimble <dahliatrim...@gmail.com (mailto:dahliatrim...@gmail.com)> wrote:
>
> Github's Dependabot says very publicly that our Log4Net.dll has an XXE vulnerability.
>
> This is eluding my google-fu and I can't find anything about it. Have a link?
>
> -D
>
> On Wed, Dec 15, 2021 at 10:00 AM Fred Beckhusen <f...@mitsi.com> wrote:
>
> > Github's Dependabot says very publicly that our Log4Net.dll has an XXE vulnerability. That's the issue.
> >
> > We don't load Robust.exe.config or Opensim.exe.config with user supplied data, so AFAIK, we don't have an exploitable security issue. But that may not matter. IT professionals will be much more sensitive to XXE after their Log4J remediation efforts.
> >
> > We all know that the major sponsors of Opensim are Universities. Their IT departments are under attack.
> >
> > ~ Fred
> >
> > _______________________________________________
> > Opensim-dev mailing list
> > Opensim-dev@opensimulator.org
> > http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev