rpm package
opensuse/log4j12&distro=openSUSE Leap 15.2
pkg:rpm/opensuse/log4j12&distro=openSUSE%20Leap%2015.2
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-4104 | Hig | 7.5 | < 1.2.17-lp152.3.3.2 | 1.2.17-lp152.3.3.2 | Dec 14, 2021 | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t |
- affected < 1.2.17-lp152.3.3.2fixed 1.2.17-lp152.3.3.2
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t