Hello do you know if yunohost or any application is vulnerable to CVE-2021-44228 Apache Log4j2 <= 2.14.1 JNDI characteristics used in configuration, log messages and parameters not protected against LDAP controlled by attackers and other JNDI related endpoints.
This was already discussed in Log4Shell zeroday and YNH
TL;DR : Yunohost per se is not vulnerable, but there could be a few java apps in the catalog. You can check if you’re vulnerable by running dpkg --list | grep log4j. If this doesn’t return anything, you’re safe.
3 Likes