AWS NoSQL Workbench log4j
0
Can you point me to someone that can confirm for a customer that NoSQL Workbench is not using Log4j?
demandé il y a 2 ans250 vues
1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
NoSQL Workbench is an electron app and doesn't use Java so wouldn't be vulnerable to log4j. You can download the source code here: https://aws.amazon.com/nosql/nosql-workbench-license/source-code-notice/
répondu il y a 2 ans
Contenus pertinents
- demandé il y a 6 mois
- demandé il y a 6 mois
- demandé il y a un an
AWS OFFICIELA mis à jour il y a 6 mois- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
In the documentation, it says JavaScript is used.
Can you clarify if it is vulnerable to the log4j issue?
Documentation: https://www.electronjs.org/docs/latest/ What is Electron? Electron is a framework for building desktop applications using JavaScript, HTML, and CSS. By embedding Chromium and Node.js into its binary, Electron allows you to maintain one JavaScript codebase and create cross-platform apps that work on Windows, macOS, and Linux — no native development experience required.
log4j is a vulnerability that affects a Java dependency. Javascript is different from Java and a JavaScript program cannot depend on the Java log4j library. Therefore, NoSQL Workbench is not vulnerable to the log4j issue.