AVG-2625 log

Package arduino
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 1:1.8.16-1
Fixed 1:1.8.17-1
Current 1:1.8.19-1 [community]
Ticket FS#72975
Created Sun Dec 12 21:05:35 2021
Issue Severity Remote Type Description
CVE-2021-44228 Critical Yes Arbitrary code execution
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI...
References
https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228
https://github.com/arduino/Arduino/pull/11717
https://github.com/arduino/Arduino/commit/8ae1f94553a9e8bb229c32c4a4f6bd068762b53e