VYPR
Medium severity6.6NVD Advisory· Published Dec 28, 2021· Updated May 29, 2026

CVE-2021-44832

CVE-2021-44832

Description

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.logging.log4j:log4j-coreMaven
>= 2.0-beta7, < 2.3.22.3.2
org.apache.logging.log4j:log4j-coreMaven
>= 2.4, < 2.12.42.12.4
org.apache.logging.log4j:log4j-coreMaven
>= 2.13.0, < 2.17.12.17.1
org.ops4j.pax.logging:pax-logging-log4j2Maven
>= 1.8.0, < 1.9.21.9.2
org.ops4j.pax.logging:pax-logging-log4j2Maven
>= 1.10.0, < 1.10.91.10.9
org.ops4j.pax.logging:pax-logging-log4j2Maven
>= 1.11.0, < 1.11.131.11.13
org.ops4j.pax.logging:pax-logging-log4j2Maven
>= 2.0.0, < 2.0.142.0.14

Affected products

5

Patches

Vulnerability mechanics

References

20

News mentions

0

No linked articles in our index yet.