数据仓库服务 GAUSSDB(DWS)-漏洞修复说明
漏洞修复说明
软件名称 |
软件版本 |
CVE编号 |
CSS 得分 |
漏洞描述 |
受影响版本 |
解决版本 |
---|---|---|---|---|---|---|
log4j |
2.13.2 |
CVE-2021-44228 |
9.8 |
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. |
8.0.0~8.1.2 |
8.1.3 |
- 数据仓库服务GaussDB(DWS)_SQL on Anywhere
- 主机漏洞修复_主机安全怎么修复漏洞
- DWS安全_数据仓库服务安全_DWS数据安全管理_DWS安全保障_DWS安全策略
- 调用GaussDB(DWS) API接口_数据仓库服务调用API_如何调用API_在DWS中调用API
- GAUSS(DWS)工具_gsql工具_DataStudio工具_DSC工具
- DWS资源管理_GaussDB(DWS)资源管理作用_DWS资源管控
- DWS产品介绍_DWS产品优势_DWS功能_DWS使用场景_DWS是什么
- GaussDB(DWS)常用SQL_常用SQL命令_SQL语法
- 数据库监控DMS_数据库智能运维_了解Auto Pilot_DMS_DWS节点监控
- GaussDB数据库授权_GaussDB授权说明_高斯数据库授权-华为云