[jira] [Commented] (GUACAMOLE-1506) New CVE

Mike Jumper (Jira) Wed, 19 Jan 2022 06:06:35 -0800


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17478696#comment-17478696
 ]


Mike Jumper commented on GUACAMOLE-1506:
----------------------------------------

They do not. Apache Guacamole does not use Log4j.

https://guacamole.apache.org/security/#not-affected-by-cve-2021-44228

> New CVE
> -------
>
>                 Key: GUACAMOLE-1506
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1506
>             Project: Guacamole
>          Issue Type: Task
>            Reporter: Simon Jung
>            Priority: Critical
>
> Hello,
> can you please comment about the flaws CVE-2022-23302, CVE-2022-23305, 
> CVE-2022-23307 which were made public today and which might affect Guacamole:
>  - https://seclists.org/oss-sec/2022/q1/50 (Severity: High)
>  - https://seclists.org/oss-sec/2022/q1/51 (Severity: High)
>  - https://seclists.org/oss-sec/2022/q1/52 (Severity: Critical)
> Thank you.
> Kind regards
> Simon



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Commented] (GUACAMOLE-1506) New CVE

Reply via email to