All the Mods 7 - ATM7

All the Mods 7 - ATM7

Modpacks
3M Downloads

log4j?

jsuelwald opened this issue ยท 1 comments

commented

Is log4j an issue? Just posting output from log4j-vuln-finder here:

./log4j-vuln-finder - a simple local log4j vulnerability scanner

indicator for vulnerable component found in /home/mcserver/instances/atm7/setup/libraries/net/minecraft/server/1.18.1/server-1.18.1.jar::META-INF/libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar (org/apache/logging/log4j/core/net/JndiManager$JndiManagerFactory.class): log4j 2.14.0-2.14.1
indicator for vulnerable component found in /home/mcserver/instances/atm7/setup/libraries/net/minecraft/server/1.18.1/server-1.18.1.jar::META-INF/libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar (org/apache/logging/log4j/core/pattern/MessagePatternConverter.class): log4j 2.14
indicator for vulnerable component found in /home/mcserver/instances/atm7/setup/libraries/net/minecraft/server/1.18.1/server-1.18.1.jar::META-INF/libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar (org/apache/logging/log4j/core/net/JndiManager.class): log4j 2.14.0-2.14.1
indicator for vulnerable component found in /home/mcserver/instances/atm7/setup/libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar (org/apache/logging/log4j/core/net/JndiManager$JndiManagerFactory.class): log4j 2.14.0-2.14.1
indicator for vulnerable component found in /home/mcserver/instances/atm7/setup/libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar (org/apache/logging/log4j/core/pattern/MessagePatternConverter.class): log4j 2.14
indicator for vulnerable component found in /home/mcserver/instances/atm7/setup/libraries/org/apache/logging/log4j/log4j-core/2.14.1/log4j-core-2.14.1.jar (org/apache/logging/log4j/core/net/JndiManager.class): log4j 2.14.0-2.14.1
Scan finished
commented

No, Minecraft 1.18.1 fixes the issue and Forge does too