Should we assume this vulnerability may affect OpenAS2?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
I see a log4j jar in resources/db/ddlutilis-lib.
The library is only used to generate the DDL file for the DB. Not used in the OpenAS2 server which uses commons logging.
Log in to post a comment.
Should we assume this vulnerability may affect OpenAS2?
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
I see a log4j jar in resources/db/ddlutilis-lib.
The library is only used to generate the DDL file for the DB.
Not used in the OpenAS2 server which uses commons logging.