Impact
All versions of the Jeak framework up to and including 1.2.0 are vulnerable to the Log4Shell exploit and must be upgraded to 1.2.1 or above immediately.
Patches
Jeak 1.2.1 and above ship with log4j-core upgraded to a non-vulnerable version.
Workarounds
The vulnerability can be mitigated by adding the JVM argument -Dlog4j2.formatMsgNoLookups=true when starting the Jeak framework. This disables the attack vector in log4j-core.
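A JVM system property only takes effect when it appears before -jar (or the main class) on the command line; anything after that point is handed to the application as an ordinary argument. The check below is an added example, not part of the Jeak project: it tests whether a launch command actually applies the workaround. The jar name jeak.jar is a placeholder and the sample commands are constructed.

```shell
#!/bin/sh
# Added example: verify that a java launch command applies the workaround flag.
# Usage: nolookups_active java [args...]   (returns 0 if the flag is in effect)
FLAG_KEY='-Dlog4j2.formatMsgNoLookups='

nolookups_active() {
    [ "$#" -gt 0 ] || return 1
    shift                       # drop the java executable itself
    value=""                    # last value seen; the JVM lets the last -D win
    skip_next=0
    for arg in "$@"; do
        if [ "$skip_next" -eq 1 ]; then
            skip_next=0         # this word is the value of -cp or similar
            continue
        fi
        case "$arg" in
            -jar|-m|--module)
                break ;;        # what follows is the jar/module and app args
            -cp|-classpath|--class-path|-p|--module-path)
                skip_next=1 ;;  # option that consumes the next word
            "$FLAG_KEY"*)
                value=${arg#"$FLAG_KEY"} ;;
            -*) ;;              # any other JVM option
            *)
                break ;;        # main class name; the rest are app args
        esac
    done
    # Expect exactly the value given in the advisory.
    [ "$value" = "true" ]
}

# Constructed launch commands; jeak.jar is a placeholder jar name.
for cmd in \
    "java -Dlog4j2.formatMsgNoLookups=true -jar jeak.jar" \
    "java -jar jeak.jar -Dlog4j2.formatMsgNoLookups=true" \
    "java -Dlog4j2.formatMsgNoLookups=true -Dlog4j2.formatMsgNoLookups=false -jar jeak.jar"
do
    # Unquoted on purpose: the sample commands contain no quoting or spaces.
    if nolookups_active $cmd; then
        echo "OK:      $cmd"
    else
        echo "MISSING: $cmd"
    fi
done
```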
References
For some good information on the vulnerability, see: https://snyk.io/blog/log4j-rce-log4shell-vulnerability-cve-2021-44228/