Rajendra created KAFKA-13537:
--------------------------------

             Summary: Will kafka_2.12-2.3.0 version be impacted by new zero-day exploit going on since last friday?
                 Key: KAFKA-13537
                 URL: https://issues.apache.org/jira/browse/KAFKA-13537
             Project: Kafka
          Issue Type: Bug
         Environment: All
            Reporter: Rajendra

h3. A new zero-day exploit has been reported against the popular Log4J2 library which can allow an attacker to remotely execute code.

h3. Affected Software

A significant number of Java-based applications are using log4j as their logging utility and are vulnerable to this CVE. To the best of our knowledge, at least the following software may be impacted:

* Apache Struts
* Apache Solr
* Apache Druid
* Apache Flink
* ElasticSearch
* Flume
* Apache Dubbo
* Logstash
* Kafka
* Spring-Boot-starter-log4j2

Wondering if kafka_2.12-2.3.0 is impacted. I see the libraries below.

kafka-log4j-appender-2.3.0.jar
log4j-1.2.17.jar
scala-logging_2.12-3.9.0.jar
slf4j-log4j12-1.7.26.jar

--
This message was sent by Atlassian Jira
(v8.20.1#820001)