As far as I understand, no, because CUBA Platform uses logback as logging engine, and does not have log4j-core dependency on Log4j version 2.0
2 Likes
Hi Yuriy,
As I understand it, there is a log4j 1.2 dependency in CUBA and that also has a similar type of vulnerability.
Can you comment on the exposure to this vulnerability?
Thanks.
Please check this post: