CVE-2021-45105

Date: December 18, 2021

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Language: Java

Severity Score

Weakness Type (CWE)

Improper Input Validation

CWE-20

Uncontrolled Resource Consumption

CWE-400

Uncontrolled Recursion

CWE-674

Top Fix

Upgrade Version

Upgrade to version:
quankim/dynamodb - 0.3.2
quankim/dynamodb - no_fix
quankim/dynamodb - 0.7
betalabs/dynamodb - 1.1.0
log4j-jars - no_fix
phoogkamer/dynamodb - no_fix
phoogkamer/dynamodb - help
phoogkamer/dynamodb - 0.3.2
baopham/dynamodb - 4.2.0
logstash-binary - no_fix
slava-ponomarenko/dynamodb - no_fix
thebatclaudio/dynamodb - 4.2.0
adriansyah/dynamodb - 1.1.0
org.apache.camel:camel-example-servlet-tomcat:2.18.2
org.apache.camel:camel-example-cxf-tomcat:2.18.2
io.hawt:hawtio-default:2.0.2
org.apache.camel:camel-example-spring-ws:2.18.2
org.apache.camel:camel-example-reportincident:2.18.2
org.apache.camel:camel-example-servlet-tomcat-no-spring:2.18.2
org.apache.camel:camel-example-cdi-rest-servlet:2.18.2
org.apache.camel:camel-example-spring-security:2.18.2
org.infinispan:infinispan-gridfs-webdav:9.0.0.Alpha1
io.apiman:apiman-manager-api-war:1.2.1.Final
org.apache.logging.log4j:log4j-core:2.12.3
org.apache.logging.log4j:log4j-core:2.17.0
org.apache.logging.log4j:log4j-core:2.3.1
org.apache.camel:camel-example-activemq-tomcat:2.18.2
org.apache.activemq:artemis-console:2.17.0
io.hawt:hawtio-wildfly:2.0.2
io.hawt:hawtio-base:2.0.2
io.hawt:hawtio-war:2.0.1
org.apache.camel:camel-example-restlet-jdbc:2.18.2

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): PARTIAL