As the entire world know that the log4j vulnerability involves jndi ldap lookup attack. There cpuld be many other libraries using jndi ldap lookup for property resolutions. What is the possibilty people? Like Spring Property placeholder configurator? Not sure whether it uses jndi-ldap in similar way internally ? We need to explore the same.
Asked
Active
Viewed 158 times
0
-
You might have more luck with the [Security StackExchange](https://security.stackexchange.com). StackOverflow is for specific programming questions, not initiating bug hunts. – D M Dec 23 '21 at 00:15
-
1@Pankaj: most JNDI lookups are restricted to the `java:comp/env` namespace. Log4j was the exception rather than the rule. – Piotr P. Karwasz Dec 23 '21 at 06:59
-
Please clarify your specific problem or provide additional details to highlight exactly what you need. As it's currently written, it's hard to tell exactly what you're asking. – Community Jan 04 '22 at 17:31