VDB

GCVE-VVD-MAGEIA-2021-556

GCVE-VVD-MAGEIA-2021-556
Advisory Published
Vulnetix · Advisory published December 11, 2021
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. (CVE-2021-44228)
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageialog4j0 (affected), 2.13.3-1.1.mga8 (unaffected)

References

Updated log4j packages fix security vulnerability
advisory
Updated log4j packages fix security vulnerability
issue
Updated log4j packages fix security vulnerability
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›