ESET Secure Authentication
nvaert1986 opened this issue · comments
ESET states that they're not vulnerable, but we have various companies that Have ESET Secure Authentication installed and perform a scan for files, then we see that log4j is included in ESET Secure Authentication in the Elasticsearch component which they're shipping in their binary.
[2021-12-16 10:19:27.784944] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\lib\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202: log4j 2.9.0 - 2.11.2]
[2021-12-16 10:19:28.847458] VULNERABLE: C:\Program Files\ESET Secure Authentication\elasticsearch\search-guard-tlstool-1.7\deps\log4j-core-2.11.1.jar -> org\apache\logging\log4j\core\net\JndiManager.class [04fdd701809d17465c17c7e603b1b202:log4j 2.9.0 - 2.11.2]
thanks @nvaert1986, can you please submit a PR? Thanks!
thanks @nvaert1986, can you please submit a PR? Thanks!
I can't as the
thanks @nvaert1986, can you please submit a PR? Thanks!
I can't as the new pull request button is greyed out and only see the base: main and branch: main
Can you try the steps listed here? https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files#editing-files-in-another-users-repository I am happy to help you succeed.
Can you try the steps listed here? https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files#editing-files-in-another-users-repository I am happy to help you succeed.
The pull request is made.
Thanks; what's the PR number? I'd like to close both at the same time :)