Unrated severityNVD Advisory· Published Apr 19, 2022· Updated Sep 17, 2024
Log4j hot patch package privilege escalation
CVE-2022-0070
Description
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: unspecified
Patches
Vulnerability mechanics
References
2- alas.aws.amazon.com/cve/html/CVE-2022-0070.htmlmitrex_refsource_MISC
- unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilitiesmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.