It was discovered that Apache Log4j 1.2 was vulnerable to deserialization of
untrusted data if the configuration file was editable. An attacker could use
this vulnerability to cause a DoS or possibly execute arbitrary code.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 21.10 | noarch | liblog4j1.2-java | < 1.2.17-10ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.10 | noarch | liblog4j1.2-java-doc | < 1.2.17-10ubuntu0.21.10.1 | UNKNOWN |
Ubuntu | 21.04 | noarch | liblog4j1.2-java | < 1.2.17-10ubuntu0.21.04.1 | UNKNOWN |
Ubuntu | 21.04 | noarch | liblog4j1.2-java-doc | < 1.2.17-10ubuntu0.21.04.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | liblog4j1.2-java | < 1.2.17-9ubuntu0.1 | UNKNOWN |
Ubuntu | 20.04 | noarch | liblog4j1.2-java-doc | < 1.2.17-9ubuntu0.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | liblog4j1.2-java | < 1.2.17-8+deb10u1ubuntu0.1 | UNKNOWN |
Ubuntu | 18.04 | noarch | liblog4j1.2-java-doc | < 1.2.17-8+deb10u1ubuntu0.1 | UNKNOWN |