[BUILD-856] Suppress mismatched log4j vulnerability CVE-2022-33915

Created: 01/Jul/22
Updated: 18/Aug/22
Resolved: 01/Jul/22

Status: Closed
Project: Build
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task
Priority: Neutral
Reporter: Federico Grilli
Assignee: Federico Grilli
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Team: Foundation

 Description   

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. 

Magnolia does not use such a library.

https://nvd.nist.gov/vuln/detail/CVE-2022-33915



 Comments   
Comment by Federico Grilli [ 01/Jul/22 ]

Added to dependency-check-mismatches-suppression.xml

Generated at Sun Feb 11 23:45:50 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.