
Docker & Log4j Vulnerability

According to the latest information on the Docker website, although Docker's infrastructure uses Java for some of its application code, the Log4j vulnerability does not affect Docker Desktop or Docker Hub, as they are mainly built using Go rather than Java. In short, Docker itself is not affected by this Log4j vulnerability, but the same can't be said about the images that are hosted on Docker Hub.

Docker did confirm in its blog post that some of the images hosted on Docker Hub have Log4j in their code and might be vulnerable. Docker also provided some workarounds for turning off the DNS lookups, as noted below, but they might not work effectively. The best solution is to add rules in your Web Application Firewall, which might prevent an attacker from exploiting the vulnerability in your application.
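To find out whether an image you pulled actually bundles Log4j, you can inspect its filesystem. The following is an added example, not code from Docker or from the original post: it assumes the container filesystem has been written to a tar (for instance with `docker export`), uses hypothetical function names, and treats the `JndiLookup.class` file of log4j-core 2.x as the marker. A hit means the library is present and its version still has to be checked.

```python
import io
import tarfile
import zipfile

# log4j-core 2.x class that performs JNDI lookups; its presence marks the library.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear")
MAX_DEPTH = 4  # bound recursion into nested archives

def scan_archive(data, label, depth=0):
    """Return labels of archives, nested ones included, that hold JNDI_CLASS."""
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return []  # nested too deeply, or a misnamed/truncated file
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        hits = [label] if any(n.endswith(JNDI_CLASS) for n in zf.namelist()) else []
        for n in zf.namelist():
            if n.lower().endswith(ARCHIVE_EXTS):
                hits += scan_archive(zf.read(n), f"{label}!/{n}", depth + 1)
    return hits

def scan_image_tar(fileobj):
    """Scan a container filesystem tar, e.g. the output of `docker export`."""
    hits = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar:
            if m.isfile() and m.name.lower().endswith(ARCHIVE_EXTS):
                hits += scan_archive(tar.extractfile(m).read(), m.name)
    return hits

def make_zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

def build_sample_tar():
    """Constructed sample image: a fat jar embedding a stand-in log4j-core jar."""
    fat = make_zip({"BOOT-INF/lib/log4j-core.jar": make_zip({JNDI_CLASS: b""})})
    files = {"app/service.jar": fat, "app/clean.jar": make_zip({"Main.class": b""})}
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())

if __name__ == "__main__":
    print(scan_image_tar(build_sample_tar()))
```

Because the scan recurses into nested archives, it also catches copies of the library packed inside fat jars and WAR files, which a filename search for `log4j-core*.jar` would miss.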

Source: https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/