Security
Security
A vulnerability has been found in Arduino which bundled a vulnerable version of log4j.
| Package | dev-embedded/arduino on all architectures |
|---|---|
| Affected versions | < 1.8.19 |
| Unaffected versions | >= 1.8.19 |
Arduino is an open-source AVR electronics prototyping platform.
A vulnerability has been discovered in Arduino. Please review the CVE identifier referenced below for details.
Arduino bundles a vulnerable version of log4j that may lead to remote code execution.
There is no known workaround at this time.
All Arduino users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-embedded/arduino-1.8.19"
Release date
December 22, 2023
Latest revision
December 22, 2023: 1
Severity
normal
Exploitable
remote
Bugzilla entries