Typescript is using log4javascript, is it the same as log4j? If yes, how can we keep our application secure?
Asked
Active
Viewed 1,819 times
2
-
1Does this answer your question? [Is Log4JS npm package vulnerable to CVE-2021-44228 Log4J vulnerability](https://stackoverflow.com/questions/70336103/is-log4js-npm-package-vulnerable-to-cve-2021-44228-log4j-vulnerability) – Piotr P. Karwasz Dec 20 '21 at 13:45
-
1Are Log4JS and Log4Javascript the same? – Riya Ghosh Dec 20 '21 at 14:48
-
2No, but the Log4j bug can not be implemented in any other non-JVM language. Only Java has JNDI lookups. – Piotr P. Karwasz Dec 20 '21 at 15:03
1 Answers
4
log4javascript is a JavaScript dependency (as the name already says). log4j is a Java dependency and only this is vulnerable. log4javascript is not vulnerable to CVE-2021-44228 and a JavaScript program cannot depend on the Java library log4j. The languages are not compatible.
Simulant
- 19,190
- 8
- 63
- 98