A third of Java projects based on the Log4j library continue to use vulnerable versions

Veracode has published the results of a study of how relevant the critical vulnerabilities in the Log4j Java library, identified last year and the year before, still are. After examining 38278 applications used by 3866 organizations, Veracode researchers found that 38% of them use vulnerable versions of Log4j. The main reason legacy code stays in use is that old libraries are integrated into projects, or that migrating from unsupported branches to new branches that keep backward compatibility is laborious (according to a previous Veracode report, 79% of third-party libraries brought into project code are never updated afterwards).

There are three main categories of applications that use vulnerable versions of Log4j:

  • 2.8% of applications continue to use Log4j versions from 2.0-beta9 to 2.15.0, which contain the Log4Shell vulnerability (CVE-2021-44228).
  • 3.8% of applications use the Log4j2 2.17.0 release, which fixes the Log4Shell vulnerability but leaves the CVE-2021-44832 remote code execution (RCE) vulnerability unpatched.
  • 32% of applications use the Log4j2 1.2.x branch, support for which ended back in 2015. This branch is affected by the critical vulnerabilities CVE-2022-23307, CVE-2022-23305 and CVE-2022-23302, identified in 2022, 7 years after maintenance ended.
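
To check your own dependency tree against the three categories above, the following added example (not code from Veracode or from the article) sorts jar file names into them. The Maven-style file names, the category labels and the sample paths are assumptions made for the example; the version ranges are applied literally as the article states them, so releases it does not mention are reported as outside its categories.

```python
import re
from pathlib import PurePosixPath

# The three categories listed in the article; labels are this example's own.
LOG4SHELL = "2.0-beta9..2.15.0: Log4Shell (CVE-2021-44228)"
RCE_44832 = "2.17.0: CVE-2021-44832 (RCE)"
EOL_1_2 = "1.2.x: unsupported; CVE-2022-23307, CVE-2022-23305, CVE-2022-23302"
OTHER = "not in the article's categories (not a statement that it is safe)"

# Assumed Maven-style names: log4j-core-2.14.1.jar, log4j-1.2.17.jar,
# log4j-core-2.0-beta9.jar. Other artifacts (log4j-api, sources jars) are skipped.
_JAR = re.compile(
    r"^log4j(?:-core)?-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d*))?\.jar$")

def classify(jar_name):
    """Return the article category for a jar file name, or None if not Log4j."""
    m = _JAR.match(jar_name)
    if not m:
        return None
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    tag, tag_n = m.group(4), int(m.group(5) or 0)
    if (major, minor) == (1, 2):
        return EOL_1_2
    if major != 2:
        return OTHER
    if tag:  # pre-release ordering: alpha < beta1..beta9 < rc
        in_range = (minor, patch) == (0, 0) and (
            tag == "rc" or (tag == "beta" and tag_n >= 9))
        return LOG4SHELL if in_range else OTHER
    if (minor, patch) <= (15, 0):  # 2.0 final through 2.15.0
        return LOG4SHELL
    if (minor, patch) == (17, 0):
        return RCE_44832
    return OTHER

def triage(paths):
    """Group file paths by category, ignoring files that are not Log4j jars."""
    report = {}
    for p in paths:
        category = classify(PurePosixPath(p).name)
        if category is not None:
            report.setdefault(category, []).append(p)
    return report

# Constructed inventory, e.g. the output of `find . -name '*.jar'`.
SAMPLE = ["app-a/WEB-INF/lib/log4j-core-2.14.1.jar", "app-b/lib/log4j-1.2.17.jar",
          "app-c/lib/log4j-core-2.17.0.jar", "app-d/lib/log4j-core-2.0-beta9.jar",
          "app-e/lib/log4j-core-2.20.0.jar", "app-e/lib/commons-io-2.11.0.jar"]

if __name__ == "__main__":
    for category, hits in triage(SAMPLE).items():
        print(f"{len(hits)} jar(s) - {category}: {hits}")
```

File-name matching misses Log4j classes repackaged inside fat or shaded jars, so an empty report is inconclusive rather than a clean result.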

Source: opennet.ru
