Search for packages
| purl | pkg:maven/org.apache.logging.log4j/log4j@2.16.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-8977-tjss-w7ba
Aliases: CVE-2021-45046 GHSA-7rjr-3q55-vv33 |
Incomplete fix for Apache Log4j vulnerability The fix to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a remote code execution (RCE) attack. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:36:27.040132+00:00 | GitLab Importer | Affected by | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.4.0 |
| 2026-04-11T22:50:08.767447+00:00 | GitLab Importer | Affected by | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.3.0 |
| 2026-04-02T22:59:33.230612+00:00 | GitLab Importer | Affected by | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.1.0 |
| 2026-04-01T17:18:16.926741+00:00 | GitLab Importer | Affected by | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.0.0 |