VYPR

rpm package

opensuse/log4j12-mini&distro=openSUSE Leap 15.2

pkg:rpm/opensuse/log4j12-mini&distro=openSUSE%20Leap%2015.2

Vulnerabilities (1)

  • CVE-2021-4104HigDec 14, 2021
    affected < 1.2.17-lp152.3.3.2fixed 1.2.17-lp152.3.3.2

    JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests t