VulnerableCode Package Details - pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.11.12

Search for packages

Vulnerability	Summary	Fixed by
VCID-r67p-yqg2-9bbq Aliases: CVE-2021-44832 GHSA-8489-44mv-ggj8	Improper Input Validation and Injection in Apache Log4j2 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.	1.11.13 Affected by 0 other vulnerabilities. 2.0.14 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-r67p-yqg2-9bbq
Aliases:
CVE-2021-44832
GHSA-8489-44mv-ggj8

Improper Input Validation and Injection in Apache Log4j2 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

1.11.13
Affected by 0 other vulnerabilities.

2.0.14
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-sjuz-dd96-sqe3	Uncontrolled Recursion This advisory has been marked as a false positive.	CVE-2021-45105 GHSA-p6xc-xr62-6r2g

Vulnerability

Summary

Aliases

VCID-sjuz-dd96-sqe3

Uncontrolled Recursion This advisory has been marked as a false positive.

CVE-2021-45105
GHSA-p6xc-xr62-6r2g

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:36:54.941814+00:00	GitLab Importer	Affected by	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.4.0
2026-04-16T21:36:42.758447+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.4.0
2026-04-11T22:50:51.553448+00:00	GitLab Importer	Affected by	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.3.0
2026-04-11T22:50:32.867127+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.3.0
2026-04-02T23:00:14.751328+00:00	GitLab Importer	Affected by	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.1.0
2026-04-02T22:59:56.618585+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.1.0
2026-04-01T17:18:59.752010+00:00	GitLab Importer	Affected by	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.0.0
2026-04-01T15:59:12.109189+00:00	GHSA Importer	Fixing	VCID-sjuz-dd96-sqe3	https://github.com/advisories/GHSA-p6xc-xr62-6r2g	38.0.0
2026-04-01T13:01:08.729366+00:00	GithubOSV Importer	Fixing	VCID-sjuz-dd96-sqe3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-p6xc-xr62-6r2g/GHSA-p6xc-xr62-6r2g.json	38.0.0
2026-04-01T12:49:11.982910+00:00	GitLab Importer	Fixing	VCID-sjuz-dd96-sqe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-45105.yml	38.0.0