dbb766218e
CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307. Though it does not contain a vulnerable configuration of log4j, to avoid needing to prove that and false positives of security scanners, this commit is the result of running the following commands: zip -q -d monasca_agent/collector/checks/libs/jmxfetch-0.3.0-jar-with-dependencies.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*" unzip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar zip -q -d WORLDS-INF/lib/log4j.jar org/apache/logging/log4j/core/lookup/JndiLookup.class org/apache/log4j/net/JMSAppender.class org/apache/log4j/jdbc/JDBCAppender.class org/apache/log4j/net/JMSSink.class org/apache/log4j/chainsaw"*" zip monasca_agent/collector/checks/libs/jmxterm-1.0-DATADOG-uber.jar WORLDS-INF/lib/log4j.jar Change-Id: Id47ba9397e7fef1ac8622abb2a1691a260f4bc9c |
||
|---|---|---|
| .. | ||
| checks | ||
| checks_d | ||
| virt | ||
| __init__.py | ||
| daemon.py | ||
| jmxfetch.py | ||