There is a widespread log4j RCE vulnerability that was discovered today, denoted CVE-2021-44228.
This doesn't make sense to me intuitively since Redis is written and C and the source makes no mention to log4j. I suspect either Redis was listed without verification and other sources have referenced it, or that reports are conflating Redis itself with the Jedis java client which does seem effected -
https://github.com/redis/jedis/issues/2726.
Can I just get verification of the scope of impact on Redis core (hopefully none)?
Cheers,
- Taylor