Log4j

From Braindump
Jump to navigation Jump to search

Log4J 1.2.17

https://mvnrepository.com/artifact/log4j/log4j

https://nvd.nist.gov/vuln/detail/CVE-2022-23307

https://nvd.nist.gov/vuln/detail/CVE-2022-23305

https://nvd.nist.gov/vuln/detail/CVE-2022-23302

https://nvd.nist.gov/vuln/detail/CVE-2021-4104

https://nvd.nist.gov/vuln/detail/CVE-2019-17571

https://mvnrepository.com/artifact/ch.qos.reload4j/reload4j


Log4J 2

https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core

https://logging.apache.org/log4j/2.x/security.html#vulnerabilities

https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Log4Shell had a vulnerability in the JNDI, which allows attackers to connect an LDAP server they controlled and allows for a remote shell into the JVM, giving them full control over the application.

<groupId>org.apache.logging.log4j</groupId>

<artifactId>log4j-core</artifactId>

<version>2.22.1</version>

Retrieved from "https://www.janmg.com/wiki/index.php?title=Log4j&oldid=1022"