Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
28 Apr 2020
27 Apr 2020
How to fix?
org.apache.logging.log4j:log4j to version 2.13.2 or higher.
org.apache.logging.log4j:log4j is an Apache Log4j library.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.