Is Mosquitto vulnerable to log4J exploit?

TKFCE · December 15, 2021, 10:49am

Hi Treasured colleagues

Is there any reason to think Moqsuitto would be affected by the log4shell exploit?
Tech Solvency: The Story So Far: CVE-2021-44228 (Log4Shell log4j vulnerability).

I don’t see any Java in the mosquitto github repo but I still want to check with the experts. Better to be safe than sorry with our critical services.

roger.light · December 15, 2021, 3:51pm

Hi,

No, Mosquitto makes no use of Java whatsoever so it is unaffected.

Regards,

Roger

TKFCE · December 15, 2021, 4:12pm

Thanks so much for your quick reply. Appreciate it.

Topic		Replies	Views
Support for OpenSSL v3.0 and later Mosquitto MQTT Broker	1	203	September 21, 2022
MQTT SSL Setup on windows Mosquitto MQTT Broker	1	167	August 28, 2023
Mosquitto (on Windows Server) not logging Mosquitto MQTT Broker	1	709	August 3, 2022
`no shared cipher` with Tasmota/Mosquitto compiled from source Mosquitto MQTT Broker	2	302	November 16, 2021
Window mosquitto_passwd error Mosquitto MQTT Broker	1	345	September 15, 2021

Is Mosquitto vulnerable to log4J exploit?

Related Topics