Arduino Hardware Support Package Log4j CVE-2021-44228 Vulnerability

27 次查看(过去 30 天)
James Cox
James Cox 2021-12-16
回答: MathWorks MATLAB Hardware Team 2024-7-16
I see in the Mathworks Trust Center you have posted a response to CVE-2021-44228 Log4j vulnerability. A scan of our Matlab installation reveals Log4J version 2.12.0 in folder:
\MATLAB\SupportPackages\R2021a\aIDE\lib
I believe this is related to the installed Arduino hardware support package. This looks like the same file version shipped with the Arduino IDE version 1.8.16.
Does the Trust Center statement cover this and similar Arduino support packages?

请先登录,再回答此问题。

回答(2 个)

Sebastian
Sebastian 2021-12-21
We are aware of this vulnerability. The issue arises from use of the third-party Arduino toolchain and IDE that is required by our support package.
Here is the link to Arduino’s response : Arduino's response to Log4j2 vulnerability CVE-2021-44228 – Arduino Help Center.
We are intending to update Arduino IDE that our Support Package uses as soon as feasible
  3 个评论
显示 1更早的评论
Nick Moore
Nick Moore 2022-1-6
When should we expect an update to be released? Arduino removed log4j on 12-21.
Volker
Volker 2022-3-29
What is the staus of that fix? I cannot find any answer that it was fixed by now

请先登录,再进行评论。

MathWorks MATLAB Hardware Team
Hi,
MATLAB versions from R2019a to R2021a have a log4j vulnerability in both the MATLAB and Simulink Support Packages for Arduino hardware.
From R2021b to R2023b, we upgraded our support package to eliminate this vulnerability.
Please consider updating MATLAB to any version after R2021b and installing the support package if you wish to work with Arduino without any vulnerability.
Thanks,
MATLAB Hardware Team
MathWorks

类别

Help CenterFile Exchange 中查找有关 MATLAB Support Package for Arduino Hardware 的更多信息

标签

产品


版本

R2021a

Community Treasure Hunt

Find the treasures in MATLAB Central and discover how the community can help you!

Start Hunting!

Translated by