828837 – (CVE-2021-4104) [Tracker] Log4j JNDI Remote Code Execution

Bug 828837 (CVE-2021-4104) - [Tracker] Log4j JNDI Remote Code Execution

Summary: [Tracker] Log4j JNDI Remote Code Execution

Status:	RESOLVED FIXED

Alias:	CVE-2021-4104

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:

Depends on:	828657 828853 828936 828969 829034 830716 831509
Blocks:
	Show dependency tree

Reported:	2021-12-10 16:16 UTC by John Helmert III
Modified:	2023-12-22 09:34 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2021-12-10 16:16:31 UTC

Remote code execution exists in log4j where untrusted input is logged:

https://github.com/apache/logging-log4j2/pull/608
https://github.com/tangxiaofeng7/apache-log4j-poc

Fix is in 2.15.0.

Format For Printing
- XML
- Clone This Bug
- Clone In The Same Product
- Top of page