Log4j and OSM

Just wondering if there were any known log4j vulnerabilities if folks are using the OSM Overpass API? Haven't seen any official statements put out by OSM like for other organizations. Admittedly I can't see how there would be issues, but since it's not super clear from the Wiki (to a novice like myself) how the API is structured I figured I'd ask.

overpass security api

asked 09 Feb '22, 18:01

sillywizard
16●1●1●3
accept rate: 0%

edited 09 Feb '22, 18:23

One Answer:

active answers oldest answers newest answers popular answers

OSMF only manage the "core" openstreetmap.org servers, which run mostly on Ruby on Rails, with some C optimizations, so I don't think they will issue any statement regarding Log4j.

The OSM ecosystem is quite diverse and not centrally managed, so you'll need to check every software you use.

The Overpass API you mention looks to be mostly coded in C++, so I don't think there would any trouble there.

Anyway, if I understand correctly the Log4Shell exploit, the trouble would be for server's administrators, not users.

Disclaimer : I'm neither security nor Java expert.

Regards.

permanent link

answered 09 Feb '22, 18:48

H_mlet
5.4k●17●81
accept rate: 13%

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

*italic* or _italic_
**bold** or __bold__
link:[text](http://url.com/ "title")
image?![alt text](/path/img.jpg "title")
numbered list: 1. Foo 2. Bar
to add a line break simply add two spaces to where you would like the new line to be.
basic HTML tags are also supported

learn more about Markdown

Question tags:

overpass ×483
api ×290
security ×10

question asked: 09 Feb '22, 18:01

question was seen: 1,256 times

last updated: 09 Feb '22, 18:48

Log4j and OSM

Follow this question

Related questions