CVE-2021-45105
Published: Dec 18, 2021
Modified: May 29, 2026
PUBLISHED
Description
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache Log4j2 | affected log4j-core - < 2.17.0 |
References
| Reference | Tags |
|---|---|
| https://logging.apache.org/log4j/2.x/security.html | x_refsource_MISC |
| https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 | x_refsource_CONFIRM |
| VU#930724 | third-party-advisory, x_refsource_CERT-VN |
| 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 | vendor-advisory, x_refsource_CISCO |
| DSA-5024 | vendor-advisory, x_refsource_DEBIAN |
| https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf | x_refsource_CONFIRM |
| https://security.netapp.com/advisory/ntap-20211218-0001/ | x_refsource_CONFIRM |
| https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ | x_refsource_MISC |
| https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf | x_refsource_CONFIRM |
| https://www.oracle.com/security-alerts/cpujan2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpuapr2022.html | x_refsource_MISC |
| https://www.oracle.com/security-alerts/cpujul2022.html | x_refsource_MISC |