Custom Samples example repository referenced vulnerable Log4j 2 · Advisory · GoogleCloudPlatform/cloud-code-vscode · GitHub
Custom Samples example repository referenced vulnerable Log4j 2
Severity: High
Package: cloud-code-custom-samples-example/bank-of-anthos (cloud-code-samples)
Affected versions: commits < 2021-12-14 19:26:10 UTC
Patched versions: 2021-12-15 20:42:13 UTC (commit d81c71b)
CVE ID: No known CVE
Weaknesses: No CWEs
Description
Linked Advisory: cloud-code-custom-samples-example GHSA-h9xv-vc3v-gvw9
Impact
Cloud Code provides a demonstration project on GitHub at https://github.com/GoogleCloudPlatform/cloud-code-custom-samples-example showing how someone might configure a samples repository. Prior to December 15, 2021, this GitHub project included a snapshot of the Bank of Anthos application with a dependency on Log4j 2.13.3, which is vulnerable to CVE-2021-44228 and CVE-2021-45046. Any user who followed the Cloud Code guide to "Setting up a samples repository" before December 15, 2021 may have added this repository to Cloud Code and may have the vulnerable version available on disk.
This issue only affects users who created an application based on Bank of Anthos and subsequently deployed it.
Patches
The cloud-code-custom-samples-example repository was updated to remove the Bank of Anthos application on December 15, 2021.
Remediation
If you created a project from a Bank of Anthos template, you should follow the process used by the Bank of Anthos project to update to the latest version of Log4j.
Update your local copy of the cloud-code-custom-samples-example repository, or remove the cloud-code-custom-samples-example repository.
Update Local Copies
Cloud Code for VS Code offers a "Refresh" button in the upper right of the "Choose a Template" dialog to update all configured samples repositories.
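To check whether a local checkout or a project created from the template still carries the Log4j version named above, the following added example (not part of the advisory or of Cloud Code) walks a directory and reports every log4j-core jar and Maven pom.xml declaration it finds, flagging 2.13.3. The function names are hypothetical and the directory layout built by build_sample_tree is constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

ADVISORY_VERSION = "2.13.3"  # Log4j version the advisory names as vulnerable
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)+)\.jar$")
# Assumes <version> directly follows <artifactId>, the usual Maven ordering.
DEP_RE = re.compile(r"<artifactId>\s*log4j-core\s*</artifactId>\s*"
                    r"<version>\s*([^<\s]+)\s*</version>")

def resolve(version, pom_text):
    """Resolve a ${property} version against a property tag in the same pom."""
    ref = re.fullmatch(r"\$\{([^}]+)\}", version)
    if not ref:
        return version
    tag = re.escape(ref.group(1))
    prop = re.search(rf"<{tag}>\s*([^<\s]+)\s*</{tag}>", pom_text)
    return prop.group(1) if prop else version  # unresolved: report as written

def scan(root):
    """Return sorted (relative path, version, matches_advisory) tuples."""
    root, hits = Path(root), []
    for path in root.rglob("*"):
        versions = []
        jar = JAR_RE.search(path.name)
        if jar:
            versions = [jar.group(1)]
        elif path.name == "pom.xml" and path.is_file():
            text = path.read_text(encoding="utf-8", errors="replace")
            versions = [resolve(v, text) for v in DEP_RE.findall(text)]
        rel = path.relative_to(root).as_posix()
        hits += [(rel, v, v == ADVISORY_VERSION) for v in versions]
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample layout (not the real repository's file tree)."""
    old = Path(root, "old-sample")
    (old / "lib").mkdir(parents=True)
    (old / "lib" / "log4j-core-2.13.3.jar").write_bytes(b"")
    (old / "pom.xml").write_text(
        "<project><properties><log4j.version>2.13.3</log4j.version></properties>"
        "<dependency><artifactId>log4j-core</artifactId>"
        "<version>${log4j.version}</version></dependency></project>")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, version, flagged in scan(tmp):
            print("MATCHES ADVISORY" if flagged else "other version", version, rel)
```

Point scan() at the folder holding the samples repository or at a project created from the template. Declarations that inherit their version from a parent pom or a dependencyManagement section are not detected by this sketch.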