Clarified --fix option coverage.

logpresso · Jan 2, 2022 · 8ca2110 · 8ca2110
1 parent 6f3e37d
commit 8ca2110
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -20,6 +20,14 @@ log4j2-scan is a single binary command-line tool for CVE-2021-44228 vulnerabilit
 ### How to use
 Just run log4j2-scan.exe or log4j2-scan with target directory path. The logpresso-log4j2-scan.jar should work with JRE/JDK 7+
 
+`--fix` option is supported for following vulnerabilities:
+* Log4j v2 - CVE-2021-44228 (JndiLookup), CVE-2021-45046 (JndiLookup)
+* Log4j v1 - CVE-2021-4104 (JMSAppender), CVE-2019-17571 (SocketServer), CVE-2017-5645(SocketServer), CVE-2020-9488 (SMTPAppender)
+
+`--fix` option doesn't mitigate following vulnerabilities:
+* Log4j v2 - CVE-2021-45105 (DoS), CVE-2021-44832 (JDBCAppender)
+* Logback - CVE-2021-42550
+
 Usage
 ```
 Logpresso CVE-2021-44228 Vulnerability Scanner 2.7.0 (2022-01-02)