Arduino Hardware Support Package Log4j CVE-2021-44228 Vulnerability

17 views (last 30 days)
I see in the Mathworks Trust Center you have posted a response to CVE-2021-44228 Log4j vulnerability. A scan of our Matlab installation reveals Log4J version 2.12.0 in folder:
I believe this is related to the installed Arduino hardware support package. This looks like the same file version shipped with the Arduino IDE version 1.8.16.
Does the Trust Center statement cover this and similar Arduino support packages?

Answers (1)

Sebastian on 21 Dec 2021
We are aware of this vulnerability. The issue arises from use of the third-party Arduino toolchain and IDE that is required by our support package.
We are intending to update Arduino IDE that our Support Package uses as soon as feasible
Volker on 29 Mar 2022
What is the staus of that fix? I cannot find any answer that it was fixed by now

Sign in to comment.

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!