1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Hi @jayaram
Yes there is a fix, you need to set up an EMR bootstrap action to run the provided script for the EMR version as described in Approach to mitigate CVE-2021-44228
답변함 2년 전
관련 콘텐츠
- AWS 공식업데이트됨 일 년 전
Hi @jayaram
Yes there is a fix, you need to set up an EMR bootstrap action to run the provided script for the EMR version as described in Approach to mitigate CVE-2021-44228
Can you provide details on this specific CVE : 2021-44832 This one is reffering to all the 2.x versions. Can you let me know when will the patch be available for this?
@jayaram CVE : 2021-44832 should only impact Apache Log4j2 versions 2.0-beta7 through 2.17.0 and the resolution is : This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2. https://nvd.nist.gov/vuln/detail/CVE-2021-44832