Hi there, given the very high-risk vulnerability CVE-2021-44228, which has a CVSS score of 10, can the FlightAware team make a statement regarding whether this vulnerability is present in their build and any mitigations required?
I am running several unattended stations so it would be good to know. Especially as one of mine went offline on Monday and is no longer reachable after half a year of operation (which of course could be a coincidence). I have tested my local piawares by attacking the main page and /skyaware/, /graphs1090/ with a scan tool from another Pi on my network.
So far no hits, and the test tools say negative, but I think a developer statement is required/preferred. The tool I am using to scan is fullhunt/log4j-scan on GitHub ("A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228"). This exercises the attack vector against the web server.