Details
-
Dependency
-
Status: Closed
-
Critical
-
Resolution: Fixed
-
2.5.20, 2.5.22, 2.5.25, 2.5.26, 2.5.27
-
None
-
Any version that uses log4j before 2.15.0
-
Patch, Important
Description
Hello,
It seems Apache struts is affected by the log4j vulnerability. I've shared my findings with the security team privately where you could review the vulnerable code paths.
Github PR: https://github.com/apache/struts/pull/511
Attachments
Issue Links
- links to