Author Topic: NeDi & CVE-2021-44228 (Read 2197 times)

Saguu · « **on:** December 13, 2021, 10:36:34 am »

Hello Remi,

Could you confirm (or not) that NeDi is not vulnerable to the Log4Shell vuln (CVE-2021-44228) ?

Many thanks

Hannu Liljemark · « **Reply #1 on:** December 13, 2021, 11:59:52 am »

While you wait for Remo's reply, I guess you've verified that with eg. 2.0.120p3 install package the situation is:

# lsof | grep .jar | awk '{print $9}'|sort -u| xargs -I{} grep -s JndiLookup.class "{}"
#

$ find /var/nedi 2>/dev/null -regex ".*.jar" -type f | xargs -I{} grep JndiLookup.class "{}"
$

So JndiLookup.class is not used. As expected since Nedi doesn't use java...

Br,
Hannu

Saguu · « **Reply #2 on:** December 13, 2021, 12:31:09 pm »

Thanks

Author Topic: NeDi & CVE-2021-44228 (Read 2197 times)

Saguu

NeDi & CVE-2021-44228

Hannu Liljemark

Re: NeDi & CVE-2021-44228

Saguu

Re: NeDi & CVE-2021-44228