Hi,
Our vulnerability scanning tool is detecting Elasticsearch-sql-cli-7.16.1.jar in the bin folder as vulnerable and the jar file contains a Jndilookup.class file. Is it supposed to be detected as vulnerable?
Can anyone please advise?
Thank you,
Oliver
Please read through Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 and let us know if you have any questions after that
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.