Hello Ayush, Thanks for replying, however the CVE-2021-4104 which is for Log4J 1.x is also have impact on our application as we are using Hadoop.
Can you please confirm what is the mitigation for this CVE? Regards, Deepti Sharma PMP® & ITIL From: Ayush Saxena <[email protected]> Sent: Monday, January 10, 2022 3:17 AM To: Deepti Sharma S <[email protected]> Cc: [email protected] Subject: Re: Apache Hadoop Fix for CVE-2021-44228, CVSS 10.0 (Critical) It is written on the website: https://hadoop.apache.org/ Hadoop, as of today depends on log4j 1.x, which is NOT susceptible to the attack (CVE-2021-44228). On 09-Jan-2022, at 8:19 PM, Deepti Sharma S <[email protected]<mailto:[email protected]>> wrote: Hello Team, As we have Log4J vulnerability CVE-2021-44228, CVSS 10.0 (Critical), can you please confirm, when we have Hadoop version release which has this vulnerability fix and has Log4J version 2.17? Regards, Deepti Sharma PMP® & ITIL
