VulnerableCode Package Details - pkg:maven/org.ops4j.pax.logging/pax-logging-log4j2@1.11.13

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-r67p-yqg2-9bbq	Improper Input Validation and Injection in Apache Log4j2 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.	CVE-2021-44832 GHSA-8489-44mv-ggj8

Vulnerability

Summary

Aliases

VCID-r67p-yqg2-9bbq

Improper Input Validation and Injection in Apache Log4j2 Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

CVE-2021-44832
GHSA-8489-44mv-ggj8

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:36:54.943388+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.4.0
2026-04-11T22:50:51.558108+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.3.0
2026-04-02T23:00:14.754616+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.1.0
2026-04-01T15:59:12.454787+00:00	GHSA Importer	Fixing	VCID-r67p-yqg2-9bbq	https://github.com/advisories/GHSA-8489-44mv-ggj8	38.0.0
2026-04-01T13:05:45.224228+00:00	GithubOSV Importer	Fixing	VCID-r67p-yqg2-9bbq	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-8489-44mv-ggj8/GHSA-8489-44mv-ggj8.json	38.0.0
2026-04-01T12:49:13.274591+00:00	GitLab Importer	Fixing	VCID-r67p-yqg2-9bbq	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.ops4j.pax.logging/pax-logging-log4j2/CVE-2021-44832.yml	38.0.0