VulnerableCode Package Details - pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0

purl	pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0

Vulnerabilities affecting this package (0)

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-kcg1-65qf-j7gx	Incomplete fix for Apache Log4j vulnerability The fix to address [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a remote code execution (RCE) attack.	CVE-2021-45046 GHSA-7rjr-3q55-vv33

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-31T00:54:11.627123+00:00	GHSA Importer	Fixing	VCID-kcg1-65qf-j7gx	https://github.com/advisories/GHSA-7rjr-3q55-vv33	38.6.0
2026-05-30T20:56:26.604574+00:00	GitLab Importer	Fixing	VCID-kcg1-65qf-j7gx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j-core/CVE-2021-45046.yml	38.6.0