Vulnerability in Apache Log4j

Please provide instructions on how to update Apache Log4j, particularly log4j-core-2.17.1.jar.
This file shows a medium vulnerability (CVE-2026-34480) and a high vulnerability (CVE-2026-34477) on my Nessus scans. Thank you.

Comments: 1

dpb, about 9 hours ago
Edited: dpb, about 4 hours ago
ADDENDUM
An AI-generated response states:
These CVEs affect Apache Log4j components, but MATLAB does not configure or invoke the vulnerable logging features:
  • CVE-2026-34480: An XXE vulnerability in Log4j's XmlLayout. MATLAB does not use this configuration.
  • CVE-2026-34477: A TLS hostname verification bypass. MATLAB does not configure its internal Log4j instances to use the vulnerable network or TLS appenders.
Note for Security Scanners:
Because Log4j packages are bundled within MATLAB and its third-party support packages, automated vulnerability scanners often flag them by simply reading the version number.
It (the AI bot) claims there is an official MathWorks response that confirms the above, but like @Walter Roberson, I've yet to find any response posted by a MathWorks staffer or the MathWorks Support Group. However, given the description of the particular vulnerabilities, the above assessments appear to be reasonable evaluations.

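The comment above separates what a version-matching scanner sees from what the configuration enables. The sketch below is an added example, not MathWorks or Apache code: it lists bundled log4j-core versions by file name and checks Log4j 2 XML configuration files for the XmlLayout and SSL elements named in the quoted descriptions. The `lib` directory, the file contents and the assumption that matching those element names is a usable signal are constructed for illustration.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Log4j 2 plugin element names mapped to the finding each one relates to, per
# the descriptions quoted above (assumption: a name match is a usable signal).
FEATURES = {"xmllayout": "CVE-2026-34480", "ssl": "CVE-2026-34477"}
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)\.jar$")

def bundled_versions(root):
    """Versions read from jar file names, as a version-only scanner check does."""
    return sorted({m.group(1) for p in Path(root).rglob("log4j-core-*.jar")
                   if (m := JAR_RE.search(p.name))})

def configured_features(config_path):
    """Findings whose feature this Log4j 2 XML configuration actually enables."""
    hits = set()
    # ElementTree does not retrieve external entities by default.
    for elem in ET.parse(config_path).iter():
        name = elem.tag.rsplit("}", 1)[-1].lower()  # drop any XML namespace
        # Strict-mode configs write <Layout type="XmlLayout"/> instead.
        for key in (name, elem.get("type", "").lower()):
            if key in FEATURES:
                hits.add(FEATURES[key])
    return sorted(hits)

def audit(root):
    """Map every log4j2*.xml under root to the findings it makes reachable."""
    return {str(p.relative_to(root)): configured_features(p)
            for p in sorted(Path(root).rglob("log4j2*.xml"))}

def build_sample_tree(root):
    """Constructed sample install: an empty jar stub and two configurations."""
    lib = Path(root) / "lib"
    lib.mkdir(parents=True)
    (lib / "log4j-core-2.17.1.jar").write_bytes(b"")
    (lib / "log4j2.xml").write_text(
        '<Configuration><Appenders><Console name="c">'
        '<PatternLayout pattern="%m%n"/></Console></Appenders></Configuration>')
    (lib / "log4j2-net.xml").write_text(
        '<Configuration><Appenders><Socket name="s" host="log.example" port="6514">'
        '<XmlLayout/><SSL/></Socket></Appenders></Configuration>')

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(bundled_versions(tmp))  # the version a scanner keys on
        print(audit(tmp))             # which configs enable a flagged feature
```

An empty result covers only XML configuration files; programmatic, properties, JSON or YAML configuration is outside what this checks.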

Answers (0)


Release: R2022a

Asked: about 15 hours ago

Edited: dpb, about 10 hours ago
