Search for packages
| purl | pkg:rpm/redhat/log4j@1.2.14-19.patch_01.ep5?arch=el6 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-74dr-6hxt-tbgu
Aliases: CVE-2017-5645 GHSA-fxph-q3j8-mv87 |
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. | There are no reported fixed by versions. |
|
VCID-zbwq-f71w-jqhy
Aliases: CVE-2019-17571 GHSA-2qrg-x229-3v8q |
Deserialization of Untrusted Data in Log4j Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget when listening to untrusted network traffic for log data. This affects Log4j versions 1.2 up to 1.2.17. Users are advised to migrate to `org.apache.logging.log4j:log4j-core`. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:31:28.707144+00:00 | RedHat Importer | Affected by | VCID-74dr-6hxt-tbgu | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5645.json | 38.0.0 |
| 2026-04-01T14:14:33.812675+00:00 | RedHat Importer | Affected by | VCID-zbwq-f71w-jqhy | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17571.json | 38.0.0 |