Is the Log4JS npm package vulnerable to the CVE-2021-44228 Log4J vulnerability?
As the title says. Looked online for a clear answer but can't find an answer anywhere, as most of them just link to Log4J.
8.1k views. Asked by Andrew
There is 1 answer
The answer is simple: Log4JS and Log4J share only a similar name and API. The codebases are entirely different (and written in different languages). The vulnerability of Log4J obviously does not apply to Log4JS.
This kind of vulnerability could not even be easily implemented in JavaScript. Java's vulnerability is based on JNDI lookups, which are usually used to retrieve simple configuration data. However, they also allow retrieving serialized Java objects and new classes (cf. Oracle's documentation).
The JavaScript equivalent of this vulnerability would be a formatter that replaces:
with