Remote Code Execution (RCE) The advisory has been revoked - it doesn't affect any version of package org.apache.logging.log4j:log4j-api Open this link in a new tab
Threat Intelligence
Exploit Maturity
Mature
EPSS
97.56% (100th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314719
- published 10 Dec 2021
- disclosed 10 Dec 2021
- credit Chen Zhaojun of Alibaba Cloud Security Team
Introduced: 10 Dec 2021
CVE-2021-44228 Open this link in a new tabAmendment
org.apache.logging.log4j:log4j-api
was originally deemed vulnerable, but Apache maintainers have since clarified that this only affects org.apache.logging.log4j:log4j-core
.