Vendor Resources

Resource	Link
https://cloud.google.com/log4j2-security-advisory	https://cloud.google.com/log4j2-security-advisory

Community Resources

Resource	Link
source	https://cloud.google.com/log4j2-security-advisory

Community Notes

Source	Note
NCSC-NL	CVE-2021-4104: Not vuln ; CVE-2021-44228: Not vuln ; CVE-2021-45046: Not vuln ; CVE-2021-45105: Not vuln
NCSC-NL	Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version.
CISAGov	Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version.
CISAGov	Last Update: 12/21/2021

Sources

Date	Attribution	Description
2021-12-27 15:29:04	NCSC-NL	Updated communityNotVulnerable. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50	CISAGov	Updated communityNotVulnerable. Updated vendor link https://cloud.google.com/log4j2-security-advisory. Updated community note. Updated community note.