VulnerableCode Package Details - pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.10.9

Search for packages

Vulnerability	Summary	Fixed by
VCID-gnhu-4afv-pfhy Aliases: GHSA-xxfh-x98p-j8fr GMS-2021-75	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.ops4j.pax.logging:pax-logging-log4j2.	1.11.10 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.0.11 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-gnhu-4afv-pfhy
Aliases:
GHSA-xxfh-x98p-j8fr
GMS-2021-75

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in org.ops4j.pax.logging:pax-logging-log4j2.

1.11.10
Affected by 3 other vulnerabilities.

2.0.11
Affected by 3 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-r67p-yqg2-9bbq	Improper Input Validation and Injection in Apache Log4j2 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.	CVE-2021-44832 GHSA-8489-44mv-ggj8
VCID-sjuz-dd96-sqe3	Uncontrolled Recursion This advisory has been marked as a false positive.	CVE-2021-45105 GHSA-p6xc-xr62-6r2g

Vulnerability

Summary

Aliases

VCID-r67p-yqg2-9bbq

Improper Input Validation and Injection in Apache Log4j2 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVE-2021-44832
GHSA-8489-44mv-ggj8

VCID-sjuz-dd96-sqe3

Uncontrolled Recursion This advisory has been marked as a false positive.

CVE-2021-45105
GHSA-p6xc-xr62-6r2g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:36:54.908417+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.4.0
2026-04-16T21:36:42.730359+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.4.0
2026-04-16T21:36:23.176241+00:00	GitLab Importer	Affected by	VCID-gnhu-4afv-pfhy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/GMS-2021-75.yml	38.4.0
2026-04-11T22:50:51.469319+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.3.0
2026-04-11T22:50:32.786037+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.3.0
2026-04-11T22:50:04.486329+00:00	GitLab Importer	Affected by	VCID-gnhu-4afv-pfhy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/GMS-2021-75.yml	38.3.0
2026-04-02T23:00:14.685273+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.1.0
2026-04-02T22:59:56.549354+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.1.0
2026-04-02T22:59:29.536904+00:00	GitLab Importer	Affected by	VCID-gnhu-4afv-pfhy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/GMS-2021-75.yml	38.1.0
2026-04-01T17:18:12.704732+00:00	GitLab Importer	Affected by	VCID-gnhu-4afv-pfhy	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/GMS-2021-75.yml	38.0.0
2026-04-01T15:59:12.576831+00:00	GHSA Importer	Fixing	VCID-r67p-yqg2-9bbq	https://github.com/advisories/GHSA-8489-44mv-ggj8	38.0.0
2026-04-01T15:59:12.195484+00:00	GHSA Importer	Fixing	VCID-sjuz-dd96-sqe3	https://github.com/advisories/GHSA-p6xc-xr62-6r2g	38.0.0
2026-04-01T13:05:45.185216+00:00	GithubOSV Importer	Fixing	VCID-r67p-yqg2-9bbq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-8489-44mv-ggj8/GHSA-8489-44mv-ggj8.json	38.0.0
2026-04-01T13:01:08.680210+00:00	GithubOSV Importer	Fixing	VCID-sjuz-dd96-sqe3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-p6xc-xr62-6r2g/GHSA-p6xc-xr62-6r2g.json	38.0.0
2026-04-01T12:49:13.272548+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.0.0
2026-04-01T12:49:11.980810+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.0.0