org.ops4j.pax.logging:pax-logging-log4j2
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.ops4j.pax.logging:pax-logging-log4j2
- CVE-2021-44228 | CRITICAL | CVSS 10.0 | EG 10.0 | ⚠ KEV | ✓ Fixed in 2.0.11 | 2021-12-10
vulnerable: 2.0.0 ... 2.0.9 (11 versions)
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoin…
- CVE-2021-44832 | MEDIUM | CVSS 6.6 | EG 6.6 | ✓ Fixed in 2.0.14 | 2021-12-28
vulnerable: 2.0.0 ... 2.0.9 (14 versions)
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an at…
- CVE-2021-45046 | CRITICAL | CVSS 9.0 | EG 9.0 | ⚠ KEV | ✓ Fixed in 2.0.12 | 2021-12-14
vulnerable: 2.0.0 ... 2.0.9 (12 versions)
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configurati…
- CVE-2021-45105 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.0.13 | 2021-12-18
vulnerable: 2.0.0 ... 2.0.9 (13 versions)
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of…