CVE-2021-44832

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-44832
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44832.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-44832
Aliases
Related
Published
2021-12-28T20:15:08Z
Modified
2024-10-12T08:38:18.842793Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

References

Affected packages

Debian:11 / apache-log4j2

Package

Name
apache-log4j2
Purl
pkg:deb/debian/apache-log4j2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.1-1~deb11u1

Affected versions

2.*

2.13.3-1
2.15.0-1~deb10u1
2.15.0-1~deb11u1
2.15.0-1
2.16.0-1~deb10u1
2.16.0-1~deb11u1
2.16.0-1
2.17.0-1~deb10u1
2.17.0-1~deb11u1
2.17.0-1
2.17.1-1~deb10u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / apache-log4j2

Package

Name
apache-log4j2
Purl
pkg:deb/debian/apache-log4j2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / apache-log4j2

Package

Name
apache-log4j2
Purl
pkg:deb/debian/apache-log4j2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.17.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/logging-log4j2

Affected ranges

Type
GIT
Repo
https://github.com/apache/logging-log4j2
Events