You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3Lines changed: 3 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,6 +4,8 @@
4
4
5
5
This repository contains a tool to detect if a jar file is affected by the critical CVE-2021-44228. The tool scans the jar file and compares the classses against a set of vulnerable hashes for classes within the jar file. The hashes have been pre-computed for artifacts on [Maven Central](https://mvnrepository.com/repos/central).
6
6
7
+
**IMPORTANT UPDATE: We updated [the list of affected artifacts](src/main/resources/VulnerableGavs.csv) on Maven Central. The list contains 18.816 artifacts. The artifacts either use log4j-core as declared dependency, or we identified .class files within the artifacts that match to the affected versions of log4j-core.**
8
+
7
9
## How to run this tool
8
10
9
11
1. Download the [jar file](https://github.com/CodeShield-Security/Log4JShell-Bytecode-Detector/releases/download/v0.4/Log4JDetector-0.4-jar-with-dependencies.jar) under releases.
@@ -100,5 +102,6 @@ The list of hashes and maven artifacts is not complete. We'll regularly update t
100
102
* Johannes Spaeth <johannes.spaeth@codeshield.io>
101
103
102
104
## If you want to learn more about the technology, reach out to us!
0 commit comments