Maven package
org.ops4j.pax.logging/pax-logging-log4j2
pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-44832 | — | >= 1.8.0, < 1.9.2 | 1.9.2 | Dec 28, 2021 | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP ser | ||
| CVE-2021-45105 | — | >= 1.8.0, < 1.9.2 | 1.9.2 | Dec 18, 2021 | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpr | ||
| CVE-2021-45046 | — | KEV | >= 1.8.0, < 1.9.2 | 1.9.2 | Dec 14, 2021 | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with | |
| CVE-2021-44228 | — | KEV | >= 1.8.0, < 1.9.2 | 1.9.2 | Dec 10, 2021 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messa |
- CVE-2021-44832Dec 28, 2021affected >= 1.8.0, < 1.9.2fixed 1.9.2
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP ser
- CVE-2021-45105Dec 18, 2021affected >= 1.8.0, < 1.9.2fixed 1.9.2
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpr
- affected >= 1.8.0, < 1.9.2fixed 1.9.2
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with
- affected >= 1.8.0, < 1.9.2fixed 1.9.2
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messa