Description
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Release | Status | Note |
---|---|---|
bionic | released | 2.12.4-0ubuntu0.1 |
devel | not-affected | 2.17.0-1 |
esm-apps/bionic | released | 2.12.4-0ubuntu0.1 |
esm-apps/focal | released | 2.17.0-0.20.04.1 |
esm-apps/jammy | not-affected | 2.17.0-1 |
esm-apps/noble | not-affected | 2.17.0-1 |
esm-infra/xenial | needed | |
focal | released | 2.17.0-0.20.04.1 |
hirsute | released | 2.17.0-0.21.04.1 |
impish | released | 2.17.0-0.21.10.1 |
EPSS
CVSS2: 4.3 Medium
CVSS3: 5.9 Medium