FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

openhab -- log4j remote code injection

Affected packages
openhab <= 2.5.12
openhab < 3.1.1
openhab2 <= 2.5.12
openhab2 < 3.1.1

Details

VuXML ID 93a1c9a7-5bef-11ec-a47a-001517a2e1a4
Discovery 2021-12-10
Entry 2021-12-13

Openhab reports:

Any openHAB instance that is publicly available or which consumes untrusted content from remote servers is potentially a target of this attack.

[source]

References

CVE Name CVE-2021-44228
URL https://github.com/advisories/GHSA-jfh8-c2jp-5v3q
URL https://github.com/openhab/openhab-distro/security/advisories/GHSA-j99j-qp89-pcfq
URL https://github.com/ops4j/org.ops4j.pax.logging/security/advisories/GHSA-xxfh-x98p-j8fr

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.