VDB

GCVE-VVD-MAGEIA-2022-2

GCVE-VVD-MAGEIA-2022-2
Advisory Published
Vulnetix · Advisory published January 11, 2022
Apache Log4j2 is vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol
Download JSON Open in Console

Affected Products

VendorProductVersionsPlatforms
Mageialog4j0 (affected), 2.17.1-1.mga8 (unaffected), 0 (affected), 2.17.1-1.mga8 (unaffected)
Mageiacaja0 (affected), 1.24.1-1.1.mga8 (unaffected)

References

Updated log4j packages fix security vulnerability
advisory
Updated log4j packages fix security vulnerability
issue
Updated log4j packages fix security vulnerability
issue
Updated log4j packages fix security vulnerability
issue
Updated caja packages fix missing requires for mate-desktop-schemas
advisory
Updated caja packages fix missing requires for mate-desktop-schemas
issue

Browse GCVE Records

100 records in the GCVE database · Updated April 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

Open in Console Download JSON
$ Console Community · 100/wk Open console ›