Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Log4jhotpatch
(Amazon)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 2 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-19 | CVE-2021-3100 | The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges. | Log4jhotpatch | 8.8 | ||
| 2022-04-19 | CVE-2022-0070 | Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. | Log4jhotpatch | 8.8 |