Search for packages
| purl | pkg:maven/org.apache.logging.log4j/log4j@2.17.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-8977-tjss-w7ba | Incomplete fix for Apache Log4j vulnerability The fix to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a remote code execution (RCE) attack. |
CVE-2021-45046
GHSA-7rjr-3q55-vv33 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T21:36:27.041364+00:00 | GitLab Importer | Fixing | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.4.0 |
| 2026-04-11T22:50:08.770821+00:00 | GitLab Importer | Fixing | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.3.0 |
| 2026-04-02T22:59:33.233812+00:00 | GitLab Importer | Fixing | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.1.0 |
| 2026-04-01T12:49:10.477712+00:00 | GitLab Importer | Fixing | VCID-8977-tjss-w7ba | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2021-45046.yml | 38.0.0 |