Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Am I exposing myself to a log4j vulnerability by installing WIPO Sequence?

In short, no. 

A zero-day exploit has been reported against the popular log4J2 Javascript library which can allow an attacker to remotely execute code[1].

According to the Spring Boot documentation, only applications using log4j-core and including input in log messages are vulnerable and as the WIPO sequence validator uses only the log4j-to-slf4j and the log4j-api and both cannot be exploited on their own.  As such, the WIPO Sequence is not affected by this vulnerability.

[1] https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot

  • No labels