OESA-2021-1467

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2021-1467
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2021-1467.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2021-1467
Upstream
Published
2021-12-17T11:03:25Z
Modified
2025-08-12T05:10:46.547460Z
Summary
log4j security update
Details

Log4j is a tool to help the programmer output log statements to a variety of output targets.

Security Fix(es):

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. When the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC), attackers with control over Thread Context Map (MDC) input data could craft malicious input data using a JNDI Lookup pattern, resulting in a denial of service (DoS) attack. Log4j 2.15.0 makes a best-effort attempt to restrict JNDI LDAP lookups to localhost by default. Log4j 2.16.0 fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. (CVE-2021-45046)

Database specific
{
    "severity": "Critical"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / log4j,jboss-logging,jgroups,json-lib,metrics,mx4j,netty,springframework,thrift,HikariCP,avalon-framework,avalon-logkit,datanucleus-api-jdo,datanucleus-core,datanucleus-rdbms,infinispan,wildfly-core,apache-zookeeper

Package

Name
log4j,jboss-logging,jgroups,json-lib,metrics,mx4j,netty,springframework,thrift,HikariCP,avalon-framework,avalon-logkit,datanucleus-api-jdo,datanucleus-core,datanucleus-rdbms,infinispan,wildfly-core,apache-zookeeper
Purl
pkg:rpm/openEuler/log4j,jboss-logging,jgroups,json-lib,metrics,mx4j,netty,springframework,thrift,HikariCP,avalon-framework,avalon-logkit,datanucleus-api-jdo,datanucleus-core,datanucleus-rdbms,infinispan,wildfly-core,apache-zookeeper&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
apache-zookeeper-3.6.1-2.3.oe1

Ecosystem specific

{
    "src": [
        "log4j-2.13.2-3.oe1.src.rpm",
        "jboss-logging-3.3.0-6.src.rpm",
        "jgroups-3.6.10-7.oe1.src.rpm",
        "json-lib-2.4-18.oe1.src.rpm",
        "metrics-3.1.2-2.oe1.src.rpm",
        "mx4j-3.0.1-2.oe1.src.rpm",
        "netty-4.1.13-14.oe1.src.rpm",
        "springframework-3.2.18-9.oe1.src.rpm",
        "thrift-0.14.0-4.oe1.src.rpm",
        "HikariCP-2.4.3-5.oe1.src.rpm",
        "avalon-framework-4.3-23.oe1.src.rpm",
        "avalon-logkit-2.1-33.oe1.src.rpm",
        "datanucleus-api-jdo-3.2.8-2.oe1.src.rpm",
        "datanucleus-core-3.2.15-2.oe1.src.rpm",
        "datanucleus-rdbms-3.2.13-2.oe1.src.rpm",
        "infinispan-8.2.4-9.oe1.src.rpm",
        "wildfly-core-2.2.0-2.oe1.src.rpm",
        "apache-zookeeper-3.6.1-2.3.oe1.src.rpm"
    ],
    "noarch": [
        "log4j-slf4j-2.13.2-3.oe1.noarch.rpm",
        "log4j-nosql-2.13.2-3.oe1.noarch.rpm",
        "log4j-help-2.13.2-3.oe1.noarch.rpm",
        "log4j-taglib-2.13.2-3.oe1.noarch.rpm",
        "log4j-jcl-2.13.2-3.oe1.noarch.rpm",
        "log4j-web-2.13.2-3.oe1.noarch.rpm",
        "log4j-jmx-gui-2.13.2-3.oe1.noarch.rpm",
        "log4j-bom-2.13.2-3.oe1.noarch.rpm",
        "log4j-2.13.2-3.oe1.noarch.rpm",
        "jboss-logging-3.3.0-6.oe1.noarch.rpm",
        "jboss-logging-javadoc-3.3.0-6.oe1.noarch.rpm",
        "jgroups-3.6.10-7.oe1.noarch.rpm",
        "jgroups-help-3.6.10-7.oe1.noarch.rpm",
        "jenkins-json-lib-2.4-18.oe1.noarch.rpm",
        "json-lib-2.4-18.oe1.noarch.rpm",
        "json-lib-help-2.4-18.oe1.noarch.rpm",
        "metrics-3.1.2-2.oe1.noarch.rpm",
        "metrics-annotation-3.1.2-2.oe1.noarch.rpm",
        "metrics-benchmarks-3.1.2-2.oe1.noarch.rpm",
        "metrics-doc-3.1.2-2.oe1.noarch.rpm",
        "metrics-ehcache-3.1.2-2.oe1.noarch.rpm",
        "metrics-ganglia-3.1.2-2.oe1.noarch.rpm",
        "metrics-graphite-3.1.2-2.oe1.noarch.rpm",
        "metrics-healthchecks-3.1.2-2.oe1.noarch.rpm",
        "metrics-httpasyncclient-3.1.2-2.oe1.noarch.rpm",
        "metrics-httpclient-3.1.2-2.oe1.noarch.rpm",
        "metrics-javadoc-3.1.2-2.oe1.noarch.rpm",
        "metrics-jdbi-3.1.2-2.oe1.noarch.rpm",
        "metrics-jersey2-3.1.2-2.oe1.noarch.rpm",
        "metrics-json-3.1.2-2.oe1.noarch.rpm",
        "metrics-jvm-3.1.2-2.oe1.noarch.rpm",
        "metrics-log4j-3.1.2-2.oe1.noarch.rpm",
        "metrics-log4j2-3.1.2-2.oe1.noarch.rpm",
        "metrics-logback-3.1.2-2.oe1.noarch.rpm",
        "metrics-parent-3.1.2-2.oe1.noarch.rpm",
        "metrics-servlet-3.1.2-2.oe1.noarch.rpm",
        "metrics-servlets-3.1.2-2.oe1.noarch.rpm",
        "mx4j-3.0.1-2.oe1.noarch.rpm",
        "mx4j-javadoc-3.0.1-2.oe1.noarch.rpm",
        "mx4j-manual-3.0.1-2.oe1.noarch.rpm",
        "netty-4.1.13-14.oe1.noarch.rpm",
        "netty-help-4.1.13-14.oe1.noarch.rpm",
        "springframework-3.2.18-9.oe1.noarch.rpm",
        "springframework-aop-3.2.18-9.oe1.noarch.rpm",
        "springframework-beans-3.2.18-9.oe1.noarch.rpm",
        "springframework-context-3.2.18-9.oe1.noarch.rpm",
        "springframework-expression-3.2.18-9.oe1.noarch.rpm",
        "springframework-help-3.2.18-9.oe1.noarch.rpm",
        "springframework-instrument-3.2.18-9.oe1.noarch.rpm",
        "springframework-jdbc-3.2.18-9.oe1.noarch.rpm",
        "springframework-jms-3.2.18-9.oe1.noarch.rpm",
        "springframework-orm-3.2.18-9.oe1.noarch.rpm",
        "springframework-orm-hibernate4-3.2.18-9.oe1.noarch.rpm",
        "springframework-oxm-3.2.18-9.oe1.noarch.rpm",
        "springframework-tx-3.2.18-9.oe1.noarch.rpm",
        "springframework-web-3.2.18-9.oe1.noarch.rpm",
        "libthrift-java-0.14.0-4.oe1.noarch.rpm",
        "perl-thrift-0.14.0-4.oe1.noarch.rpm",
        "python3-thrift-0.14.0-4.oe1.noarch.rpm",
        "thrift-0.14.0-4.oe1.noarch.rpm",
        "thrift-debugsource-0.14.0-4.oe1.noarch.rpm",
        "thrift-devel-0.14.0-4.oe1.noarch.rpm",
        "thrift-glib-0.14.0-4.oe1.noarch.rpm",
        "thrift-qt-0.14.0-4.oe1.noarch.rpm",
        "HikariCP-2.4.3-5.oe1.noarch.rpm",
        "HikariCP-help-2.4.3-5.oe1.noarch.rpm",
        "avalon-framework-4.3-23.oe1.noarch.rpm",
        "avalon-framework-help-4.3-23.oe1.noarch.rpm",
        "avalon-logkit-2.1-33.oe1.noarch.rpm",
        "avalon-logkit-help-2.1-33.oe1.noarch.rpm",
        "datanucleus-api-jdo-3.2.8-2.oe1.noarch.rpm",
        "datanucleus-api-jdo-javadoc-3.2.8-2.oe1.noarch.rpm",
        "datanucleus-api-jdo-3.2.8-2.oe1.noarch.rpm",
        "datanucleus-core-javadoc-3.2.15-2.oe1.noarch.rpm",
        "datanucleus-rdbms-3.2.13-2.oe1.noarch.rpm",
        "datanucleus-rdbms-javadoc-3.2.13-2.oe1.noarch.rpm",
        "infinispan-8.2.4-9.oe1.noarch.rpm",
        "infinispan-help-8.2.4-9.oe1.noarch.rpm",
        "wildfly-core-2.2.0-2.oe1.noarch.rpm",
        "wildfly-core-feature-pack-2.2.0-2.oe1.noarch.rpm",
        "wildfly-core-javadoc-2.2.0-2.oe1.noarch.rpm",
        "apache-zookeeper-3.6.1-2.3.oe1.noarch.rpm"
    ]
}

openEuler:20.03-LTS-SP2 / log4j,jboss-logging,jgroups,json-lib,metrics,mx4j,netty,springframework,thrift,HikariCP,avalon-framework,avalon-logkit,datanucleus-api-jdo,datanucleus-core,datanucleus-rdbms,infinispan,wildfly-core,apache-zookeeper

Package

Name
log4j,jboss-logging,jgroups,json-lib,metrics,mx4j,netty,springframework,thrift,HikariCP,avalon-framework,avalon-logkit,datanucleus-api-jdo,datanucleus-core,datanucleus-rdbms,infinispan,wildfly-core,apache-zookeeper
Purl
pkg:rpm/openEuler/log4j,jboss-logging,jgroups,json-lib,metrics,mx4j,netty,springframework,thrift,HikariCP,avalon-framework,avalon-logkit,datanucleus-api-jdo,datanucleus-core,datanucleus-rdbms,infinispan,wildfly-core,apache-zookeeper&distro=openEuler-20.03-LTS-SP2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
apache-zookeeper-3.6.1-2.3.oe1

Ecosystem specific

{
    "src": [
        "log4j-2.13.2-3.oe1.src.rpm",
        "jboss-logging-3.3.0-6.src.rpm",
        "jgroups-3.6.10-7.oe1.src.rpm",
        "json-lib-2.4-18.oe1.src.rpm",
        "metrics-3.1.2-2.oe1.src.rpm",
        "mx4j-3.0.1-2.oe1.src.rpm",
        "netty-4.1.13-14.oe1.src.rpm",
        "springframework-3.2.18-9.oe1.src.rpm",
        "thrift-0.14.0-4.oe1.src.rpm",
        "HikariCP-2.4.3-5.oe1.src.rpm",
        "avalon-framework-4.3-23.oe1.src.rpm",
        "avalon-logkit-2.1-33.oe1.src.rpm",
        "datanucleus-api-jdo-3.2.8-2.oe1.src.rpm",
        "datanucleus-core-3.2.15-2.oe1.src.rpm",
        "datanucleus-rdbms-3.2.13-2.oe1.src.rpm",
        "infinispan-8.2.4-9.oe1.src.rpm",
        "wildfly-core-2.2.0-2.oe1.src.rpm",
        "apache-zookeeper-3.6.1-2.3.oe1.src.rpm"
    ],
    "noarch": [
        "log4j-slf4j-2.13.2-3.oe1.noarch.rpm",
        "log4j-nosql-2.13.2-3.oe1.noarch.rpm",
        "log4j-help-2.13.2-3.oe1.noarch.rpm",
        "log4j-taglib-2.13.2-3.oe1.noarch.rpm",
        "log4j-jcl-2.13.2-3.oe1.noarch.rpm",
        "log4j-web-2.13.2-3.oe1.noarch.rpm",
        "log4j-jmx-gui-2.13.2-3.oe1.noarch.rpm",
        "log4j-bom-2.13.2-3.oe1.noarch.rpm",
        "log4j-2.13.2-3.oe1.noarch.rpm",
        "jboss-logging-3.3.0-6.oe1.noarch.rpm",
        "jboss-logging-javadoc-3.3.0-6.oe1.noarch.rpm",
        "jgroups-3.6.10-7.oe1.noarch.rpm",
        "jgroups-help-3.6.10-7.oe1.noarch.rpm",
        "jenkins-json-lib-2.4-18.oe1.noarch.rpm",
        "json-lib-2.4-18.oe1.noarch.rpm",
        "json-lib-help-2.4-18.oe1.noarch.rpm",
        "metrics-3.1.2-2.oe1.noarch.rpm",
        "metrics-annotation-3.1.2-2.oe1.noarch.rpm",
        "metrics-benchmarks-3.1.2-2.oe1.noarch.rpm",
        "metrics-doc-3.1.2-2.oe1.noarch.rpm",
        "metrics-ehcache-3.1.2-2.oe1.noarch.rpm",
        "metrics-ganglia-3.1.2-2.oe1.noarch.rpm",
        "metrics-graphite-3.1.2-2.oe1.noarch.rpm",
        "metrics-healthchecks-3.1.2-2.oe1.noarch.rpm",
        "metrics-httpasyncclient-3.1.2-2.oe1.noarch.rpm",
        "metrics-httpclient-3.1.2-2.oe1.noarch.rpm",
        "metrics-javadoc-3.1.2-2.oe1.noarch.rpm",
        "metrics-jdbi-3.1.2-2.oe1.noarch.rpm",
        "metrics-jersey2-3.1.2-2.oe1.noarch.rpm",
        "metrics-json-3.1.2-2.oe1.noarch.rpm",
        "metrics-jvm-3.1.2-2.oe1.noarch.rpm",
        "metrics-log4j-3.1.2-2.oe1.noarch.rpm",
        "metrics-log4j2-3.1.2-2.oe1.noarch.rpm",
        "metrics-logback-3.1.2-2.oe1.noarch.rpm",
        "metrics-parent-3.1.2-2.oe1.noarch.rpm",
        "metrics-servlet-3.1.2-2.oe1.noarch.rpm",
        "metrics-servlets-3.1.2-2.oe1.noarch.rpm",
        "mx4j-3.0.1-2.oe1.noarch.rpm",
        "mx4j-javadoc-3.0.1-2.oe1.noarch.rpm",
        "mx4j-manual-3.0.1-2.oe1.noarch.rpm",
        "netty-4.1.13-14.oe1.noarch.rpm",
        "netty-help-4.1.13-14.oe1.noarch.rpm",
        "springframework-3.2.18-9.oe1.noarch.rpm",
        "springframework-aop-3.2.18-9.oe1.noarch.rpm",
        "springframework-beans-3.2.18-9.oe1.noarch.rpm",
        "springframework-context-3.2.18-9.oe1.noarch.rpm",
        "springframework-expression-3.2.18-9.oe1.noarch.rpm",
        "springframework-help-3.2.18-9.oe1.noarch.rpm",
        "springframework-instrument-3.2.18-9.oe1.noarch.rpm",
        "springframework-jdbc-3.2.18-9.oe1.noarch.rpm",
        "springframework-jms-3.2.18-9.oe1.noarch.rpm",
        "springframework-orm-3.2.18-9.oe1.noarch.rpm",
        "springframework-orm-hibernate4-3.2.18-9.oe1.noarch.rpm",
        "springframework-oxm-3.2.18-9.oe1.noarch.rpm",
        "springframework-tx-3.2.18-9.oe1.noarch.rpm",
        "springframework-web-3.2.18-9.oe1.noarch.rpm",
        "libthrift-java-0.14.0-4.oe1.noarch.rpm",
        "perl-thrift-0.14.0-4.oe1.noarch.rpm",
        "python3-thrift-0.14.0-4.oe1.noarch.rpm",
        "thrift-0.14.0-4.oe1.noarch.rpm",
        "thrift-debugsource-0.14.0-4.oe1.noarch.rpm",
        "thrift-devel-0.14.0-4.oe1.noarch.rpm",
        "thrift-glib-0.14.0-4.oe1.noarch.rpm",
        "thrift-qt-0.14.0-4.oe1.noarch.rpm",
        "HikariCP-2.4.3-5.oe1.noarch.rpm",
        "HikariCP-help-2.4.3-5.oe1.noarch.rpm",
        "avalon-framework-4.3-23.oe1.noarch.rpm",
        "avalon-framework-help-4.3-23.oe1.noarch.rpm",
        "avalon-logkit-2.1-33.oe1.noarch.rpm",
        "avalon-logkit-help-2.1-33.oe1.noarch.rpm",
        "datanucleus-api-jdo-3.2.8-2.oe1.noarch.rpm",
        "datanucleus-api-jdo-javadoc-3.2.8-2.oe1.noarch.rpm",
        "datanucleus-api-jdo-3.2.8-2.oe1.noarch.rpm",
        "datanucleus-core-javadoc-3.2.15-2.oe1.noarch.rpm",
        "datanucleus-rdbms-3.2.13-2.oe1.noarch.rpm",
        "datanucleus-rdbms-javadoc-3.2.13-2.oe1.noarch.rpm",
        "infinispan-8.2.4-9.oe1.noarch.rpm",
        "infinispan-help-8.2.4-9.oe1.noarch.rpm",
        "wildfly-core-2.2.0-2.oe1.noarch.rpm",
        "wildfly-core-feature-pack-2.2.0-2.oe1.noarch.rpm",
        "wildfly-core-javadoc-2.2.0-2.oe1.noarch.rpm",
        "apache-zookeeper-3.6.1-2.3.oe1.noarch.rpm"
    ]
}