[jira] [Closed] (OFBIZ-12470) [SECURITY] CVE-2021-45105: Apache Log4j2

Jacques Le Roux (Jira) Sun, 19 Dec 2021 01:52:24 -0800


     [ 
https://issues.apache.org/jira/browse/OFBIZ-12470?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jacques Le Roux closed OFBIZ-12470.
-----------------------------------
    Resolution: Fixed

> [SECURITY] CVE-2021-45105: Apache Log4j2
> ----------------------------------------
>
>                 Key: OFBIZ-12470
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-12470
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: ALL COMPONENTS
>    Affects Versions: 18.12.03
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Blocker
>             Fix For: 18.12.04
>
>
> CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 does not 
> protect from uncontrolled recursion from self-referential lookups. This 
> allows an attacker with control over Thread Context Map data to cause a 
> denial of service when a crafted string is interpreted. This issue is fixed 
> in Log4j 2.17.0.: https://logging.apache.org/log4j/2.x/security.html



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

[jira] [Closed] (OFBIZ-12470) [SECURITY] CVE-2021-45105: Apache Log4j2

Reply via email to