AVG-2625 log

Package	arduino
Status	Fixed
Severity	Critical
Type	arbitrary code execution
Affected	1:1.8.16-1
Fixed	1:1.8.17-1
Current	Removed
Ticket	FS#72975
Created	Sun Dec 12 21:05:35 2021

Issue	Severity	Remote	Type	Description
CVE-2021-44228	Critical	Yes	Arbitrary code execution	Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI...

References
https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 https://github.com/arduino/Arduino/pull/11717 https://github.com/arduino/Arduino/commit/8ae1f94553a9e8bb229c32c4a4f6bd068762b53e

References

https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228
https://github.com/arduino/Arduino/pull/11717
https://github.com/arduino/Arduino/commit/8ae1f94553a9e8bb229c32c4a4f6bd068762b53e