Security Warning: CVE-2021-44228 flagged by Wiz #64
Comments
|
I would also second this issue we are experiencing on a few of our production applications. Could we perhaps get a fix in to address this? |
|
@LinusU I created a PR to fix this if you would be kind enough to review and merge. :-) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi 👋,
I'm opening this issue because my security scanner (Wiz) flagged a potential vulnerability: CVE-2021-44228 (Log4Shell) in a project that uses react-native-get-random-values.
However, this package is JavaScript-based and does not depend on Java or Log4j, which makes me suspect it could be a false positive. The vulnerability is associated with the Java logging library Log4j, but this project doesn't have any relation to Java at all unless in the android package.
Here's the context:
Package: react-native-get-random-values
Dependency tree: indirectly used through @aws-sdk/[email protected]
Scanner: Wiz
CVE: CVE-2021-44228
Please confirm if this project or any of its dependencies could include Log4j (directly or transitively) ?
The text was updated successfully, but these errors were encountered: