Homepage
About Snyk

Remote Code Execution (RCE) The advisory has been revoked - it doesn't affect any version of package org.apache.logging.log4j:log4j-api Open this link in a new tab

    Threat Intelligence

    Exploit Maturity Mature
    EPSS 97.56% (100th percentile)
Expand this section
NVD
10 critical
Expand this section
Red Hat
9.8 critical

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314719
  • published 10 Dec 2021
  • disclosed 10 Dec 2021
  • credit Chen Zhaojun of Alibaba Cloud Security Team
Report a new vulnerability Found a mistake?

Introduced: 10 Dec 2021

CVE-2021-44228 Open this link in a new tab
CWE-94 Open this link in a new tab

Amendment

org.apache.logging.log4j:log4j-api was originally deemed vulnerable, but Apache maintainers have since clarified that this only affects org.apache.logging.log4j:log4j-core.