Home > front end >  Detecting Apache Log4j vulnerability presence in gradle transitive dependencies
Detecting Apache Log4j vulnerability presence in gradle transitive dependencies

Time:12-23

There is a recent vulnerability in log4j https://nvd.nist.gov/vuln/detail/CVE-2021-44228 which has criticality score of 10

How to check the presence of Log4j vulnerable versions in gradle so that it would list all the dependencies including the transitive dependencies?

CodePudding user response:

We can use

./gradlew -q dependencies

To list the dependency tree. It will list all dependencies with their respective version. Since this output can be lengthy, we can filter it down with grep:

./gradelw -q dependencies | grep -i log4j

This will list all log4j-dependencies with their respective version.

CodePudding user response:

gradle -q dependencyInsight --dependency org.apache.logging.log4j 
 --configuration scm

There is another way to check this list using dependencyInsight as per the article:- https://venturebeat.com/2021/12/17/how-to-detect-whether-you-have-the-log4j2-vulnerability/

Page link:https//www.codepudding.com/frontend/238483.html

Prev:How to print the content of file along with line number without using cat -b or cat -n option
Next:How to change inline onClick function of radio button to a separate script
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding