[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Mon Dec 20 14:00:10 EST 2021
On 2021-12-17, Arne Vajhøj <arne at vajhoej.dk> wrote:
>
> They have now updated the severity to:
>
> CVE-2021-45046 Remote Code Execution
> Severity Critical
> Base CVSS Score 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
> Versions Affected All versions from 2.0-beta9 to 2.15.0, excluding 2.12.2
>
Perhaps we should just wait for version 2.40.0 to be released, which
will probably be in a couple of weeks at this rate. :-)
For anyone not aware, there is now a third CVE:
https://www.theregister.com/2021/12/19/log4j_new_flaw_cve_2021_45105/
The latest Log4j version is now 2.17.0.
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list