
Author Topic: NeDi & CVE-2021-44228  (Read 1673 times)

Saguu

NeDi & CVE-2021-44228
« on: December 13, 2021, 10:36:34 am »
Hello Remi,

Could you confirm (or not) that NeDi is not vulnerable to the Log4Shell vuln (CVE-2021-44228)?

Many thanks

Hannu Liljemark

Re: NeDi & CVE-2021-44228
« Reply #1 on: December 13, 2021, 11:59:52 am »
While you wait for Remo's reply, I guess you've verified that with e.g. the 2.0.120p3 install package the situation is:

# lsof | grep .jar | awk '{print $9}'|sort -u| xargs -I{} grep -s JndiLookup.class "{}"
#

$ find /var/nedi 2>/dev/null -regex ".*.jar" -type f | xargs -I{} grep JndiLookup.class "{}"
$

So JndiLookup.class is not used. As expected, since NeDi doesn't use Java...

Br,
Hannu
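
A broader version of the check in the reply above, as an added example that is not part of the original post or of NeDi: it looks for JndiLookup.class in archives on disk and also in archives nested inside them, which a grep over the outer file can miss when the inner jar is stored compressed. The function names, the extension list and the depth and size limits are assumptions made for this sketch.

```python
import io
import os
import sys
import zipfile
import zlib

TARGET = "JndiLookup.class"                     # class the commands above grep for
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")  # assumed list of container types
MAX_NESTED = 256 * 1024 * 1024                  # assumed cap on in-memory nested archives


def scan_archive(src, label, depth=0, max_depth=5):
    """Return 'outer!inner!entry' paths for every JndiLookup.class in an archive."""
    hits = []
    try:
        zf = zipfile.ZipFile(src)
    except (zipfile.BadZipFile, OSError):
        return hits                             # unreadable or not a zip file
    with zf:
        for info in zf.infolist():
            name = info.filename
            if name == TARGET or name.endswith("/" + TARGET):
                hits.append(f"{label}!{name}")
            elif (name.lower().endswith(ARCHIVE_EXT) and depth < max_depth
                  and info.file_size <= MAX_NESTED):
                try:
                    inner = io.BytesIO(zf.read(info))
                except (RuntimeError, zipfile.BadZipFile, OSError, zlib.error):
                    continue                    # encrypted or corrupt entry
                hits += scan_archive(inner, f"{label}!{name}", depth + 1, max_depth)
    return hits


def scan_tree(root):
    """Walk root and scan every archive file found on disk."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in sorted(files):
            if fn.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fn)
                hits += scan_archive(path, path)
    return hits


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/var/nedi"
    found = scan_tree(root)
    print("\n".join(found) if found else f"no {TARGET} found under {root}")
```

An empty result only says the class file is absent from the scanned tree; it does not cover Java processes running from other paths, which is what the lsof variant in the reply looks at.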

Saguu

Re: NeDi & CVE-2021-44228
« Reply #2 on: December 13, 2021, 12:31:09 pm »
Thanks