Hi Treasured node-red community. Is there any indication from Devs if node-red might be affected by the log4j vulnerability? Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability). Naturally we already avoid to expose any Node-RED page to the public internet. However it …

[image] Log4J vulnerability General Log4J is a Java Library, not a JavaScript library It will not be used by any node-red apps

Node-RED

Node-RED Forum

Node red and log4j vulnerability

Core Development

cymplecy 14 December 2021 16:35 2

2 Likes

Topic		Replies	Views
Log4J vulnerability General	2	1378	12 February 2022
More security considerations General	2	1046	6 October 2018
Node-RED compromise hack General security	20	688	22 December 2023
Prototype pollution vulnerability in function DEFNODE General	4	221	25 December 2022
4 high severity vulnerabilities while installing node-red@2.2.2 && 2.1.4 General	3	437	11 July 2022

Copyright OpenJS Foundation and Node-RED contributors. All rights reserved. The OpenJS Foundation has registered trademarks and uses trademarks. For a list of trademarks of the OpenJS Foundation, please see our Trademark Policy and Trademark List. Trademarks and logos not indicated on the list of OpenJS Foundation trademarks are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

Node red and log4j vulnerability

Related topics