Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.
CPE | Name | Operator | Version |
---|---|---|---|
log4jhotpatch | eq | < 1.1-16 |
9.4 High
AI Score
Confidence
0.976 High
EPSS
Percentile
100.0%