Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Am I exposing myself to a log4j[1] vulnerability by installing WIPO Sequence?

In short, no. A zero-day exploit has been reported against the popular log4J2 Javascript library which can allow an attacker to remotely execute code[1].

According to the Spring Boot documentation, only applications using log4j-core and including input in log messages are vulnerable and as the WIPO sequence validator uses only the log4j-to-slf4j and the log4j-api and both cannot be exploited on their own.  As such, the WIPO Sequence is not affected by this vulnerability.

...