 PRP: Request CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI RCE

Hello,
I would like to start the implementation for a plugin that detects Apache Log4j2 RCE vulnerability,
The vulnerability should be relatively new and it is a serious problem.
Apache log4j2 is affected from 2.0 to 2.14.1.
The vulnerability has been fixed, but there is no CVE number yet.


- https://github.com/apache/logging-log4j2/pull/608
- https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1
- https://issues.apache.org/jira/projects/LOG4J2/issues/LOG4J2-3201?filter=allissues

Please let me know if this is in scope to start with its development.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

PRP: Request CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI RCE #219

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

PRP: Request CVE-2021-44228 Apache Log4j2 <=2.14.1 JNDI RCE #219

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions