check_mkExtension to check for log4j2 CVE-2021-44228
This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0)
How it works
Run in 5 steps:
- Find all .jar, .war, .ear, .aar files recursively.
- Find
META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties
entry from JAR file. - Read groupId, artifactId, and version.
- Compare log4j2 version and print vulnerable version.