Elastic image 8.5.3 Vulnerabilities

Elastic Stack Elasticsearch
1

We are downloading elastic images of docker hub. Elastic image is showing log4j vulnerabilities in 8.5.3 and 8.6 the images released in Dec 2022 and Jan2023. These vulnerabilities were addressed a year ago in dec 2021. Can you please confirm these are false positives. We use sysdig scanner
Severity

CriticalReported byNational Vulnerability Database

Package

org.apache.logging.log4j:log4j-slf4j-impl - 2.12.4JAVA

In Use

Package Path

/usr/share/elasticsearch/modules/apm/elastic-apm-agent-1.33.0.jar

2

Welcome to our community! :smiley:

As per Security issues | Elastic, please email security@elastic.co for questions regarding issues.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.