Vulnerability in Apache Log4j

Please provide instructions on how to update Apache Log4j, particularly log4j-core-2.17.1.jar.
This file shows a medium vulnerability (CVE-2026-34480) and a high vulnerability (CVE-2026-34477) on my Nessus scans. Thank you.

1 comment

dpb about 6 hours ago
Edited: dpb about 1 hour ago
ADDENDUM
An AI-generated response states:
These CVEs affect Apache Log4j components, but MATLAB does not configure or invoke the vulnerable logging features:
  • CVE-2026-34480: An XXE vulnerability in Log4j's XmlLayout. MATLAB does not use this configuration.
  • CVE-2026-34477: A TLS hostname verification bypass. MATLAB does not configure its internal Log4j instances to use the vulnerable network or TLS appenders.
Note for Security Scanners:
Because Log4j packages are bundled within MATLAB and its third-party support packages, automated vulnerability scanners often flag them by simply reading the version number.
It (the AI bot) claims there is an official MathWorks response that confirms the above, but like @Walter Roberson, I've yet to find any response posted by a MathWorks staffer or the MathWorks Support Group. However, given the description of the particular vulnerabilities, the above assessments appear reasonable evaluations.
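A triage sketch for the point made in the comment above, added here as an example (not code from the thread or from MathWorks): it inventories bundled log4j-core jars by file name, as a version-based scanner does, and checks Log4j 2 XML configuration files for the two features the comment names. The directory layout and file contents are constructed, and treating `XmlLayout` and `Ssl` elements as the relevant features is an assumption taken from the comment, not from an advisory.

```python
import os
import re
import tempfile
import xml.etree.ElementTree as ET

JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)\.jar$")
# Assumption: features taken from the comment above. Keys are Log4j 2 plugin
# (element) names, lower-cased because Log4j matches them case-insensitively.
FEATURES = {"xmllayout": "XmlLayout", "ssl": "TLS (Ssl element)"}

def scan_config(path):
    """Return (path, feature) pairs for flagged elements in one XML config."""
    try:
        tree = ET.parse(path)  # ElementTree does not fetch external entities
    except ET.ParseError:
        return [(path, "unparseable, review by hand")]
    tags = (el.tag.rsplit("}", 1)[-1].lower() for el in tree.iter())
    hits = {FEATURES[t] for t in tags if t in FEATURES}
    return [(path, h) for h in sorted(hits)]

def triage(root):
    """Walk root; return (jars, findings) as sorted lists of tuples."""
    jars, findings = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            m = JAR_RE.search(name)
            if m:
                jars.append((path, m.group(1)))  # version from the file name only
            elif name.lower().endswith(".xml") and "log4j" in name.lower():
                findings += scan_config(path)
    return sorted(jars), sorted(findings)

def build_sample(root):
    """Constructed sample tree (hypothetical layout, not a real install)."""
    lib = os.path.join(root, "app", "lib")
    os.makedirs(lib)
    open(os.path.join(lib, "log4j-core-2.17.1.jar"), "wb").close()
    configs = {
        "log4j2-console.xml": '<Configuration><Appenders><Console name="c"><PatternLayout pattern="%m%n"/></Console></Appenders></Configuration>',
        "log4j2-remote.xml": '<Configuration><Appenders><Socket name="s" host="h" port="1"><XmlLayout/><SSL/></Socket></Appenders></Configuration>',
    }
    for name, body in configs.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

It covers XML configuration files on disk only; configurations in other formats, packed inside jars or set up programmatically need separate review.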


Answers (0)

Version

R2022a

Asked: about 15 hours ago

Edited: dpb about 9 hours ago
