VulnerableCode Package Details - pkg:maven/com.guicedee.services/log4j-core@1.0.13.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-jwav-88m7-6fhz Aliases: CVE-2021-44228 GHSA-jfh8-c2jp-5v3q	Remote code injection in Log4j Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per [Apache's Log4j security guide](https://logging.apache.org/log4j/2.x/security.html): Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.16.0, this behavior has been disabled by default. Log4j version 2.15.0 contained an earlier fix for the vulnerability, but that patch did not disable attacker-controlled JNDI lookups in all situations. For more information, see the `Updated advice for version 2.16.0` section of this advisory.	1.2.2.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-jwav-88m7-6fhz
Aliases:
CVE-2021-44228
GHSA-jfh8-c2jp-5v3q

Remote code injection in Log4j Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per [Apache's Log4j security guide](https://logging.apache.org/log4j/2.x/security.html): Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.16.0, this behavior has been disabled by default. Log4j version 2.15.0 contained an earlier fix for the vulnerability, but that patch did not disable attacker-controlled JNDI lookups in all situations. For more information, see the `Updated advice for version 2.16.0` section of this advisory.

1.2.2.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:36:13.364817+00:00	GitLab Importer	Affected by	VCID-jwav-88m7-6fhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.guicedee.services/log4j-core/CVE-2021-44228.yml	38.4.0
2026-04-11T22:49:53.919032+00:00	GitLab Importer	Affected by	VCID-jwav-88m7-6fhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.guicedee.services/log4j-core/CVE-2021-44228.yml	38.3.0
2026-04-02T22:59:19.976628+00:00	GitLab Importer	Affected by	VCID-jwav-88m7-6fhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.guicedee.services/log4j-core/CVE-2021-44228.yml	38.1.0
2026-04-01T17:18:01.809384+00:00	GitLab Importer	Affected by	VCID-jwav-88m7-6fhz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.guicedee.services/log4j-core/CVE-2021-44228.yml	38.0.0