diff options
author | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-12-13 13:58:00 +0100 |
---|---|---|
committer | Fabian Meumertzheim <fabian@meumertzhe.im> | 2021-12-13 14:00:59 +0100 |
commit | f4e3fc2b49e139e8829720d2b1c44aba9f1ac367 (patch) | |
tree | 9910a2795b84488e4c0282a962e2a505e97a9a0a | |
parent | 6ae678426a2915fedf2342becacb2c36c04d659c (diff) | |
download | jazzer-api-f4e3fc2b49e139e8829720d2b1c44aba9f1ac367.tar.gz |
Add a warning to the Log4jFuzzer
At least in theory, when run on an old JDK, this fuzzer could randomly
pick up log4j exploits.
-rw-r--r-- | examples/BUILD.bazel | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/examples/BUILD.bazel b/examples/BUILD.bazel index 7f65a15b..dde8aaeb 100644 --- a/examples/BUILD.bazel +++ b/examples/BUILD.bazel @@ -102,6 +102,8 @@ java_fuzz_target_test( target_compatible_with = SKIP_ON_MACOS, ) +# WARNING: This fuzz target uses a vulnerable version of log4j, which could result in the execution +# of arbitrary code during fuzzing if executed with an older JDK. Use at your own risk. java_fuzz_target_test( name = "Log4jFuzzer", timeout = "long", |