Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/42586?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/42586?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0", "type": "maven", "namespace": "org.apache.logging.log4j", "name": "log4j-core", "version": "2.17.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.25.4", "latest_non_vulnerable_version": "2.25.4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351543?format=api", "vulnerability_id": "VCID-4nzu-3a6y-jqab", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34477.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34477.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34477", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28318", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28397", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00107", "scoring_system": "epss", "scoring_elements": "0.28373", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29084", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29182", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30343", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34556", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34107", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34128", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34503", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34541", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.33897", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00143", "scoring_system": "epss", "scoring_elements": "0.34021", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34477" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2" }, { "reference_url": "https://logging.apache.org/cyclonedx/vdr.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:36:46Z/" } ], "url": "https://logging.apache.org/cyclonedx/vdr.xml" }, { "reference_url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:36:46Z/" } ], "url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34477", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34477" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457319", "reference_id": "2457319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457319" }, { "reference_url": "https://github.com/apache/logging-log4j2/pull/4075", "reference_id": "4075", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:36:46Z/" } ], "url": "https://github.com/apache/logging-log4j2/pull/4075" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-6hg6-v5c8-fphq", "reference_id": "GHSA-6hg6-v5c8-fphq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-6hg6-v5c8-fphq" }, { "reference_url": "https://lists.apache.org/thread/lkx8cl46t2bvkcwfcb2pd43ygc097lq4", "reference_id": "lkx8cl46t2bvkcwfcb2pd43ygc097lq4", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:36:46Z/" } ], "url": "https://lists.apache.org/thread/lkx8cl46t2bvkcwfcb2pd43ygc097lq4" }, { "reference_url": "https://logging.apache.org/security.html#CVE-2026-34477", "reference_id": "security.html#CVE-2026-34477", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:36:46Z/" } ], "url": "https://logging.apache.org/security.html#CVE-2026-34477" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1060903?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.25.4" } ], "aliases": [ "CVE-2026-34477", "GHSA-6hg6-v5c8-fphq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4nzu-3a6y-jqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24009?format=api", "vulnerability_id": "VCID-gcyx-fdns-k3bt", "summary": "Apache Log4j does not verify the TLS hostname in its Socket Appender\nThe Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the [verifyHostName](https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribute or the [log4j2.sslVerifyHostName](https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName) system property is set to true.\n\nThis issue may allow a man-in-the-middle attacker to intercept or redirect log traffic under the following conditions:\n\n* The attacker is able to intercept or redirect network traffic between the client and the log receiver.\n* The attacker can present a server certificate issued by a certification authority trusted by the Socket Appender’s configured trust store (or by the default Java trust store if no custom trust store is configured).\n\n\nUsers are advised to upgrade to Apache Log4j Core version 2.25.3, which addresses this issue.\n\nAs an alternative mitigation, the Socket Appender may be configured to use a private or restricted trust root to limit the set of trusted certificates.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68161.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-68161.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68161", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07418", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07234", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07206", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07215", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07185", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07198", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07404", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07353", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07424", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09795", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09873", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09889", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09926", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.0992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09867", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00034", "scoring_system": "epss", "scoring_elements": "0.09897", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10799", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.10785", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-68161" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68161", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68161" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2" }, { "reference_url": "https://github.com/apache/logging-log4j2/commit/3b93748497e1adbbd027fda8a5e7268ec5d0d578", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2/commit/3b93748497e1adbbd027fda8a5e7268ec5d0d578" }, { "reference_url": "https://github.com/apache/logging-log4j2/pull/4002", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://github.com/apache/logging-log4j2/pull/4002" }, { "reference_url": "https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx" }, { "reference_url": "https://logging.apache.org/cyclonedx/vdr.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/cyclonedx/vdr.xml" }, { "reference_url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName" }, { "reference_url": "https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName" }, { "reference_url": "https://logging.apache.org/security.html#CVE-2025-68161", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T21:34:24Z/" } ], "url": "https://logging.apache.org/security.html#CVE-2025-68161" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2025/12/18/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2025/12/18/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123744", "reference_id": "1123744", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123744" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423705", "reference_id": "2423705", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2423705" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161", "reference_id": "CVE-2025-68161", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68161" }, { "reference_url": "https://github.com/advisories/GHSA-vc5p-v9hr-52mj", "reference_id": "GHSA-vc5p-v9hr-52mj", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vc5p-v9hr-52mj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/67066?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.25.3" } ], "aliases": [ "CVE-2025-68161", "GHSA-vc5p-v9hr-52mj" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gcyx-fdns-k3bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/351338?format=api", "vulnerability_id": "VCID-hhc8-3wd3-4bh5", "summary": "Apache Log4j Core's XmlLayout fails to sanitize characters\nApache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets producing invalid XML output whenever a log message or MDC value contains such characters.\n\nThe impact depends on the StAX implementation in use:\n\n * JRE built-in StAX: Forbidden characters are silently written to the output, producing malformed XML. Conforming parsers must reject such documents with a fatal error, which may cause downstream log-processing systems to drop the affected records.\n * Alternative StAX implementations (e.g., Woodstox https://github.com/FasterXML/woodstox , a transitive dependency of the Jackson XML Dataformat module): An exception is thrown during the logging call, and the log event is never delivered to its intended appender, only to Log4j's internal status logger.\n\n\nUsers are advised to upgrade to Apache Log4j Core 2.25.4, which corrects this issue by sanitizing forbidden characters before XML output.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34480.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34480.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34480", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30858", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00119", "scoring_system": "epss", "scoring_elements": "0.30813", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35517", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35631", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.3572", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35518", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35609", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00153", "scoring_system": "epss", "scoring_elements": "0.35588", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36195", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36423", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.3648", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00157", "scoring_system": "epss", "scoring_elements": "0.36497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00171", "scoring_system": "epss", "scoring_elements": "0.37897", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-34480" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34480", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34480" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2" }, { "reference_url": "https://github.com/apache/logging-log4j2/pull/4077", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:43:51Z/" } ], "url": "https://github.com/apache/logging-log4j2/pull/4077" }, { "reference_url": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:43:51Z/" } ], "url": "https://lists.apache.org/thread/5x0hcnng0chhghp6jgjdp3qmbbhfjzhb" }, { "reference_url": "https://logging.apache.org/cyclonedx/vdr.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:43:51Z/" } ], "url": "https://logging.apache.org/cyclonedx/vdr.xml" }, { "reference_url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:43:51Z/" } ], "url": "https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout" }, { "reference_url": "https://logging.apache.org/security.html#CVE-2026-34480", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-10T17:43:51Z/" } ], "url": "https://logging.apache.org/security.html#CVE-2026-34480" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34480" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2026/04/10/9", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2026/04/10/9" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133847", "reference_id": "1133847", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133847" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136032", "reference_id": "1136032", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136032" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457328", "reference_id": "2457328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2457328" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-3pxv-7cmr-fjr4", "reference_id": "GHSA-3pxv-7cmr-fjr4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3pxv-7cmr-fjr4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1060903?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.25.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.25.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1060904?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@3.0.0-beta3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-s9nz-6x8z-ykgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@3.0.0-beta3" } ], "aliases": [ "CVE-2026-34480", "GHSA-3pxv-7cmr-fjr4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhc8-3wd3-4bh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11944?format=api", "vulnerability_id": "VCID-r67p-yqg2-9bbq", "summary": "Improper Input Validation and Injection in Apache Log4j2\nApache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44832.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.50443", "scoring_system": "epss", "scoring_elements": "0.97863", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.50443", "scoring_system": "epss", "scoring_elements": "0.9786", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.50443", "scoring_system": "epss", "scoring_elements": "0.97858", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.50443", "scoring_system": "epss", "scoring_elements": "0.97859", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.50589", "scoring_system": "epss", "scoring_elements": "0.9785", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.98001", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97979", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.98003", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97976", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97999", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.98", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97982", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97989", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97991", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.53648", "scoring_system": "epss", "scoring_elements": "0.97993", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-44832" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44832" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/logging-log4j2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/logging-log4j2" }, { "reference_url": "https://issues.apache.org/jira/browse/LOG4J2-3293", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.apache.org/jira/browse/LOG4J2-3293" }, { "reference_url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC" }, { "reference_url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220104-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220104-0001" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/12/28/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002813", "reference_id": "1002813", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1002813" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951", "reference_id": "2035951", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2035951" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832", "reference_id": "CVE-2021-44832", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-44832" }, { "reference_url": "https://github.com/advisories/GHSA-8489-44mv-ggj8", "reference_id": "GHSA-8489-44mv-ggj8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8489-44mv-ggj8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0083", "reference_id": "RHSA-2022:0083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0138", "reference_id": "RHSA-2022:0138", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0138" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0181", "reference_id": "RHSA-2022:0181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0181" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0203", "reference_id": "RHSA-2022:0203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0205", "reference_id": "RHSA-2022:0205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0216", "reference_id": "RHSA-2022:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0222", "reference_id": "RHSA-2022:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0223", "reference_id": "RHSA-2022:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0225", "reference_id": "RHSA-2022:0225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0226", "reference_id": "RHSA-2022:0226", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0226" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0227", "reference_id": "RHSA-2022:0227", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0227" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0230", "reference_id": "RHSA-2022:0230", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0230" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0236", "reference_id": "RHSA-2022:0236", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0236" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0467", "reference_id": "RHSA-2022:0467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0467" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0485", "reference_id": "RHSA-2022:0485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0493", "reference_id": "RHSA-2022:0493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://usn.ubuntu.com/5222-1/", "reference_id": "USN-5222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42881?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.17.1" } ], "aliases": [ "CVE-2021-44832", "GHSA-8489-44mv-ggj8" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r67p-yqg2-9bbq" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/11891?format=api", "vulnerability_id": "VCID-sjuz-dd96-sqe3", "summary": "Uncontrolled Recursion\nThis advisory has been marked as a false positive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45105.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-45105.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45105", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98697", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98706", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98704", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.987", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98699", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98693", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98692", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98691", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98688", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98687", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.70431", "scoring_system": "epss", "scoring_elements": "0.98685", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.71364", "scoring_system": "epss", "scoring_elements": "0.98717", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.71364", "scoring_system": "epss", "scoring_elements": "0.98716", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.71364", "scoring_system": "epss", "scoring_elements": "0.98713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.71364", "scoring_system": "epss", "scoring_elements": "0.98709", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.71364", "scoring_system": "epss", "scoring_elements": "0.98708", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.74536", "scoring_system": "epss", "scoring_elements": "0.98873", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.74536", "scoring_system": "epss", "scoring_elements": "0.98872", "published_at": "2026-05-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-45105" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45105" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/" }, { "reference_url": "https://logging.apache.org/log4j/2.x/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://logging.apache.org/log4j/2.x/security.html" }, { "reference_url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032" }, { "reference_url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211218-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20211218-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211218-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20211218-0001/" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd" }, { "reference_url": "https://www.debian.org/security/2021/dsa-5024", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-5024" }, { "reference_url": "https://www.kb.cert.org/vuls/id/930724", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.kb.cert.org/vuls/id/930724" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541" }, { "reference_url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/12/19/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001891", "reference_id": "1001891", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001891" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067", "reference_id": "2034067", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2034067" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105", "reference_id": "CVE-2021-45105", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-45105" }, { "reference_url": "https://github.com/advisories/GHSA-p6xc-xr62-6r2g", "reference_id": "GHSA-p6xc-xr62-6r2g", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p6xc-xr62-6r2g" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0026", "reference_id": "RHSA-2022:0026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0042", "reference_id": "RHSA-2022:0042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0043", "reference_id": "RHSA-2022:0043", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0043" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0044", "reference_id": "RHSA-2022:0044", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0044" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0047", "reference_id": "RHSA-2022:0047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0083", "reference_id": "RHSA-2022:0083", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0083" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0203", "reference_id": "RHSA-2022:0203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0205", "reference_id": "RHSA-2022:0205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0216", "reference_id": "RHSA-2022:0216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0219", "reference_id": "RHSA-2022:0219", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0222", "reference_id": "RHSA-2022:0222", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0222" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0223", "reference_id": "RHSA-2022:0223", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0223" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1296", "reference_id": "RHSA-2022:1296", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1297", "reference_id": "RHSA-2022:1297", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1297" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1299", "reference_id": "RHSA-2022:1299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1462", "reference_id": "RHSA-2022:1462", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1462" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1463", "reference_id": "RHSA-2022:1463", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1463" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1469", "reference_id": "RHSA-2022:1469", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1469" }, { "reference_url": "https://usn.ubuntu.com/5203-1/", "reference_id": "USN-5203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5203-1/" }, { "reference_url": "https://usn.ubuntu.com/5222-1/", "reference_id": "USN-5222-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5222-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/42059?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-74dr-6hxt-tbgu" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-mz9r-j78c-dfe3" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/42585?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.12.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/42586?format=api", "purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4nzu-3a6y-jqab" }, { "vulnerability": "VCID-gcyx-fdns-k3bt" }, { "vulnerability": "VCID-hhc8-3wd3-4bh5" }, { "vulnerability": "VCID-r67p-yqg2-9bbq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0" } ], "aliases": [ "CVE-2021-45105", "GHSA-p6xc-xr62-6r2g" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sjuz-dd96-sqe3" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0" }