New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

allow mulitple results for the same log4j version #233

Open

pickeld opened this issue Jan 4, 2022 · 1 comment

Assignees

Labels

discussion

pickeld commented Jan 4, 2022

on log4j version 2.15 there are multiple CVEs but log4j2-scan only show one.
is it possible to show all CVEs related to a specific log4j version?

[*] Found CVE-2021-44228 (log4j 2.x) vulnerability in log4j-core-2.14.0.jar, log4j 2.14.0

i would have expecting that CVE-2021-44832 will also show up.

The text was updated successfully, but these errors were encountered:

Contributor

xeraph commented Jan 4, 2022

No. For simplicity, scanner shows only most significant vulnerability.

xeraph self-assigned this

xeraph added the discussion label

xeraph mentioned this issue

Addressing CVE-2022-23302, CVE-2022-23305 and CVE-2022-23307 #259

Open

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment