December 20, 2021 07:30 pm

More Than 35,000 Java Packages Impacted by Log4j Vulnerabilities, Google Says

Google's open-source team said they scanned Maven Central, today's largest Java package repository, and found that 35,863 Java packages use vulnerable versions of the Apache Log4j library. From a report: This includes Java packages that use Log4j versions vulnerable to the original Log4Shell exploit (CVE-2021-44228) and a second remote code execution bug discovered in the Log4Shell patch (CVE-2021-45046). James Wetter and Nicky Ringland, members of the Google Open Source Insights Team, said in a report today that when a major Java security flaw is found, it typically tends to affect only 2% of the Maven Central index. However, the 35,000 Java packages vulnerable to Log4Shell account for roughly 8% of the Maven Central total of ~440,000, a percentage the two described using just one word -- "enormous." But since the vulnerability was disclosed last week, Wetter and Ringland said the community has responded positively and has already fixed 4,620 of the 35,863 packages they initially found vulnerable. This number accounts for 13% of all the vulnerable packages.


Original Link: https://tech.slashdot.org/story/21/12/20/1930214/more-than-35000-java-packages-impacted-by-log4j-vulnerabilities-google-says?utm_source=rss1.0mainlink
