Riya Ghosh
Reputation: 57
Is log4javascript vulnerable to Apache Log4j (Java logging library) remote code execution CVE-2021-44228?
Typescript is using log4javascript, is it the same as log4j? If yes, how can we keep our application secure?
Upvotes: 2
Views: 2289
Answers (1)
Simulant
Reputation: 20112
log4javascript is a JavaScript dependency (as the name already says). log4j is a Java dependency and only this is vulnerable. log4javascript is not vulnerable to CVE-2021-44228 and a JavaScript program cannot depend on the Java library log4j. The languages are not compatible.
Upvotes: 5
Related Questions
- Log4j vulnerability - Is Log4j 1.2.17 vulnerable (was unable to find any JNDI code in source)?
- Log4j Vulnerability in 3rd party applications like apache zookeeper
- Log4j 1: How to mitigate the vulnerability in Log4j without updating version to 2.15.0
- Does Groovy have log4j vulnerability?
- Python logging module & indirect log4j vulnerability exposure?
- CVE-2021-44228 and log4j 1.2.17
- Does the Log4j security violation vulnerability affect log4net?
- Doubts about mitigations to Apache's Log4j library vulnerability
- Are you safe from log4j CVE-2021-44228 if Java is not installed?
- Is log4j vulnerable? Sample code to test the vulnerability