12 matches found
com.savoirtech.aetos:aetos (>=4.2.0.1 <=4.2.1), org.apache.cxf.karaf:apache-cxf (>=3.4.6 <=3.4.10) +14 more potentially affected by CVE-2021-44832 via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.11.10 <=1.11.12)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.11.10, =4.2.0.1, =3.4.6, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =4.2.13, =1.11.10, =1.11.10, =1.11.12 and more Source cves: CVE-2021-44832 Source advisory: OSV:GHSA-8489-44MV-GGJ8...
ca.uhn.hapi.fhir.karaf:hapi-fhir (>=3.3.0 <=3.7.0), com.esri.geoevent.sdk:geoevent-sdk (>=10.7.1 <=10.8.1) +118 more potentially affected by CVE-2021-44832 via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.10.0 <=1.10.8)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.10.0, =3.3.0, =10.7.1, =2.0.1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.61.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.24.01 and more Source cves: CVE-2021-44832 Source advisory: OSV:GHSA-8489-44MV-GGJ8...
hu.blackbelt.osgi.filestore:features (>=1.2.1 <=1.3.0), hu.blackbelt.osgi.filestore:kar (>=1.2.1 <=1.3.0) +40 more potentially affected by CVE-2021-44832 via org.ops4j.pax.logging:pax-logging-log4j2 (>=2.0.0 <=2.0.13)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =2.0.0, =1.2.1, =1.2.1, =1.0.12, =1.0.12, =2.14.2, =2.19.0, =3.12.0, =3.12.0, =3.5.0, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.5 and more Source cves: CVE-2021-44832 Source advisory: OSV:GHSA-8489-44MV-GGJ8...
com.savoirtech.aetos:aetos (>=4.2.0.1 <=4.2.1), org.apache.karaf.examples:karaf-docker-example-dynamic-dist (=4.2.13) +13 more potentially affected by CVE-2021-45105 via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.11.10 <=1.11.11)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.11.10, =4.2.0.1, =1.11.10, =1.11.10, =1.11.10, =1.11.11 Source cves: CVE-2021-45105 Source advisory: OSV:GHSA-P6XC-XR62-6R2G...
hu.blackbelt.osgi.filestore:features (>=1.2.1 <=1.3.0), hu.blackbelt.osgi.filestore:kar (>=1.2.1 <=1.3.0) +40 more potentially affected by CVE-2021-45105 via org.ops4j.pax.logging:pax-logging-log4j2 (>=2.0.0 <=2.0.12)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =2.0.0, =1.2.1, =1.2.1, =1.0.12, =1.0.12, =2.14.2, =2.19.0, =3.12.0, =3.12.0, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.3, =4.3.4 and more Source cves: CVE-2021-45105 Source advisory: OSV:GHSA-P6XC-XR62-6R2G...
ca.uhn.hapi.fhir.karaf:hapi-fhir (>=3.3.0 <=3.7.0), com.esri.geoevent.sdk:geoevent-sdk (>=10.7.1 <=10.8.1) +118 more potentially affected by CVE-2021-45105 via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.10.0 <=1.10.8)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.10.0, =3.3.0, =10.7.1, =2.0.1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.61.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.24.01 and more Source cves: CVE-2021-45105 Source advisory: OSV:GHSA-P6XC-XR62-6R2G...
org.ops4j.pax.logging:pax-logging-log4j2-extra (=1.11.10), org.ops4j.pax.logging:pax-logging-sample-fragment-log4j2 (=1.11.10) +1 more potentially affected by CVE-2021-44228 +1 more via org.ops4j.pax.logging:pax-logging-log4j2 (=1.11.10)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.11.10 is affected by a known vulnerability. The following packages have a transitive dependency on org.ops4j.pax.logging:pax-logging-log4j2 and may be impacted: - org.ops4j.pax.logging:pax-logging-log4j2-extra =1.11.10 -...
ca.uhn.hapi.fhir.karaf:hapi-fhir (>=3.3.0 <=3.7.0), com.esri.geoevent.sdk:geoevent-sdk (>=10.7.1 <=10.8.1) +118 more potentially affected by CVE-2021-44228 +1 more via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.10.0 <=1.10.7)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.10.0, =3.3.0, =10.7.1, =2.0.1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.61.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.24.01 and more Source cves: CVE-2021-44228, CVE-2021-45046 Source advisory: OSV:GHSA-7RJR-3Q55-VV33...
GHSA-XXFH-X98P-J8FR Remote code injection in Log4j (through pax-logging-log4j2)
Impact Remote Code Execution. Patches Users of pax-logging 1.11.9 should update to 1.11.10. Users of pax-logging 2.0.10 should update to 2.0.11. Workarounds Set system property -Dlog4j2.formatMsgNoLookups=true References https://github.com/advisories/GHSA-jfh8-c2jp-5v3q...
Remote code injection in Log4j (through pax-logging-log4j2)
Impact Remote Code Execution. Patches Users of pax-logging 1.11.9 should update to 1.11.10. Users of pax-logging 2.0.10 should update to 2.0.11. Workarounds Set system property -Dlog4j2.formatMsgNoLookups=true References https://github.com/advisories/GHSA-jfh8-c2jp-5v3q...
hu.blackbelt.osgi.filestore:features (>=1.2.1 <=1.3.0), hu.blackbelt.osgi.filestore:kar (>=1.2.1 <=1.3.0) +40 more potentially affected by CVE-2021-44228 via org.ops4j.pax.logging:pax-logging-log4j2 (>=2.0.0 <=2.0.10)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =2.0.0, =1.2.1, =1.2.1, =1.0.12, =1.0.12, =2.14.2, =2.19.0, =3.12.0, =3.12.0, =3.14.0 - org.apache.cxf.karaf:apache-cxf =3.5.0 - org.apache.karaf.examples:karaf-docker-example-dynamic-dist =4.3.3 - org.apache.karaf.features:enterprise =4.3.3 ...
ca.uhn.hapi.fhir.karaf:hapi-fhir (>=3.3.0 <=3.7.0), com.esri.geoevent.sdk:geoevent-sdk (>=10.7.1 <=10.8.1) +118 more potentially affected by CVE-2021-44228 via org.ops4j.pax.logging:pax-logging-log4j2 (>=1.10.0 <=1.10.7)
org.ops4j.pax.logging:pax-logging-log4j2 MAVEN version =1.10.0, =3.3.0, =10.7.1, =2.0.1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.61.2, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =3.24.01 and more Source cves: CVE-2021-44228 Source advisory: OSV:GHSA-JFH8-C2JP-5V3Q...