hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Clarify Log4jJndiInjection.ql query help

Browse Source
This commit is contained in:
Bas van Schaik
2021-12-14 12:32:36 +00:00
committed by GitHub
parent 85ff57bae6
commit d85ed9ea7a
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
View File

@@ -1,7 +1,8 @@
/**
* @name Log4j log injection and LDAP JNDI injection
* @name Potential Log4J LDAP JNDI injection (CVE-2021-44228)
* @description Building Log4j log entries from user-controlled data may allow
* attackers to inject malicious code through JNDI lookups.
* attackers to inject malicious code through JNDI lookups when
* using Log4J versions vulnerable to CVE-2021-44228.
* @kind path-problem
* @problem.severity error
* @precision high