Bug 828837 (CVE-2021-4104) - [Tracker] Log4j JNDI Remote Code Execution
Summary: [Tracker] Log4j JNDI Remote Code Execution
Status: CONFIRMED
Alias: CVE-2021-4104
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Depends on: 828657 828853 828936 830716 828969 829034 831509
Reported: 2021-12-10 16:16 UTC by John Helmert III
Modified: 2022-01-19 23:49 UTC
Description: John Helmert III (archtester, Gentoo Infrastructure, gentoo-dev, Security), 2021-12-10 16:16:31 UTC
Remote code execution exists in log4j where untrusted input is logged:

https://github.com/apache/logging-log4j2/pull/608
https://github.com/tangxiaofeng7/apache-log4j-poc

Fix is in 2.15.0.