Google’s open-source team said they scanned Maven Central, today’s largest Java package repository, and found that 35,863 Java packages use vulnerable versions of the Apache Log4j library. From a report: This includes Java packages that use Log4j versions vulnerable to the original Log4Shell exploit (CVE-2021-44228) and a second remote code execution bug discovered in the Log4Shell patch (CVE-2021-45046). James Wetter and Nicky Ringland, members of the Google Open Source Insights Team, said in a report today that typically when a major Java security flaw is found, it typically tends to affect only 2% of the Maven Central index. However, the 35,000 Java packages vulnerable to Log4Shell account to roughly 8% of the Maven Central total of ~440,000, a percentage the two described using just one word — “enormous.” But since the vulnerability was disclosed last week, Wetter and Ringland said the community has responded positively and has already fixed 4,620
Tek Editor
Comments are closed.
Recent Comments
Archives
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- June 2021
- August 2020
Categories
- A.I.
- AALL Annual
- AALL Virtual Coffee Chat
- ABA TECHSHOW
- academia
- accessibility
- ActivityPub
- ai
- amazon prime
- Android 12
- animaze
- annotation
- api
- apps
- architecture
- archives
- artificial intelligence
- assessment
- Assetto Corsa
- audio
- Automobilista 2
- Awards
- aws
- Backdrop
- BERT
- books
- burnout
- cali
- cats
- CG
- chairs
- ChatLaw
- Chris Locke
- CKEditor
- clio
- Closed Course
- cloud software
- cloud storage
- code completion
- computers
- conferences
- configuration
- cooking
- Cool Tools
- CoolTools
- Cornell
- COVID
- covid-19
- COVID19
- cyberspace
- data extraction
- DDEV
- deep learning
- design patterns
- Dirt 4
- docker
- drum plugin
- drupal
- Drupal 10
- Drupal 11
- Drupal 7
- Drupal 8
- Drupal 9
- education
- elangdell
- elections
- embedding
- Emerging Technologies
- entertainment
- eprints
- facial recognition
- fediverse
- fine tuning
- food
- formula 1
- free instruments
- free sounds
- free tracks
- games
- GGML
- gitlab
- go
- gpt-3
- Grants
- Haystack
- hbo
- hbo max
- high performance
- higher education
- Home Assistant
- home automation
- Huggingface
- Hypothesis
- IIS
- instruction
- javascript
- Jupyter Lab
- Jupyter notebook
- keynote
- LangChain
- legal ed
- legal education
- Legal Information Institute
- legal research
- legal technology
- LII
- linux
- llama
- llamaindex
- LLM
- machine learning
- macs
- Mailman
- Mattermost
- metaverse
- Miniconda
- mods
- motivation
- movies
- music
- neural network
- NewsFeed
- NewsFeeds
- node-red
- node.js
- nvidia
- OAI
- open access
- Open Access Week 2021
- Open Assistant
- open source
- PC Gaming
- performance
- perl
- personalization
- PHP8
- Pinecone
- Pipermail
- plugins
- podcasts
- Polis
- posts
- progressive web app
- project management
- PWA
- python
- pytorch
- Race Sim Studios
- Rageboy
- raspberry pi
- rbg
- reading list
- recipes
- remote connections
- repository
- ribs
- s3
- scoring
- search
- security
- self-care
- sentence transformer
- settings
- sim racing
- sis
- slack
- snap camera
- social inequality
- sound
- sql
- StarCoder2
- streaming
- student information system
- student loans
- support
- technology competencies
- techshow
- teknoids
- television
- teleworking
- text
- text comparison
- The List
- thoughts
- Thurstmaster
- TMX
- Tom Bruce
- training
- trends
- tweets
- ubuntu
- unstructured
- usability
- vector db
- vicuna
- video
- virtual conferences
- weekend projects
- wellness
- windows
- windows 11
- windows subsystem for linux
- wordpress
- work
- work from home
- work productivity
- wsl2
- youtube
- yummy
- zoom
- Zoom filters