Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.logging.log4j/log4j@2.12.3
purl pkg:maven/org.apache.logging.log4j/log4j@2.12.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-8977-tjss-w7ba Incomplete fix for Apache Log4j vulnerability The fix to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a remote code execution (RCE) attack. CVE-2021-45046
GHSA-7rjr-3q55-vv33
VCID-mz9r-j78c-dfe3 Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. CVE-2020-9488
GHSA-vwqq-5vrc-xw9h

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:36:27.026278+00:00 GitLab Importer Fixing VCID-8977-tjss-w7ba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml 38.4.0
2026-04-16T21:02:51.316654+00:00 GitLab Importer Fixing VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.4.0
2026-04-11T22:50:08.731304+00:00 GitLab Importer Fixing VCID-8977-tjss-w7ba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml 38.3.0
2026-04-11T22:14:14.180080+00:00 GitLab Importer Fixing VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.3.0
2026-04-02T22:59:33.196687+00:00 GitLab Importer Fixing VCID-8977-tjss-w7ba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml 38.1.0
2026-04-02T22:26:35.126087+00:00 GitLab Importer Fixing VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.1.0
2026-04-01T16:44:30.724679+00:00 GitLab Importer Fixing VCID-mz9r-j78c-dfe3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml 38.0.0
2026-04-01T15:58:11.197886+00:00 GHSA Importer Fixing VCID-mz9r-j78c-dfe3 https://github.com/advisories/GHSA-vwqq-5vrc-xw9h 38.0.0
2026-04-01T13:00:23.952461+00:00 GithubOSV Importer Fixing VCID-mz9r-j78c-dfe3 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/06/GHSA-vwqq-5vrc-xw9h/GHSA-vwqq-5vrc-xw9h.json 38.0.0
2026-04-01T12:49:10.475663+00:00 GitLab Importer Fixing VCID-8977-tjss-w7ba https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml 38.0.0