This page collects WhisperX intelligence signals tagged #CVE-2021-44228. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
在开源依赖扫描中,Apache Log4j 2.6.1版本被标记存在三个高危漏洞,其中CVE-2021-44228的CVSS评分达到满分10.0,且漏洞利用成熟度被评估为“高”。该漏洞允许攻击者通过特制的日志消息远程执行任意代码,对全球范围内使用此版本日志框架的Java应用程序构成严重威胁。同时被发现的还有CVE-2017-5645(CVSS 9.8分)和另一个未在摘要中完全显示的漏洞,这些漏洞均属于直接依赖项,意味着风险直接暴露。 此次扫描的漏洞库文件为`log4j-core-2.6.1.jar`,其路径指向一个示例项目的Maven配置文件。CVE-2021-44228即臭名昭著的“Log4Shell”漏洞,曾在全球引发大规模安...
A critical security exposure has been identified in a live software project, pinpointing the use of a vulnerable version of Apache Log4j. The library `log4j-core-2.8.2.jar` is flagged with two severe vulnerabilities, including the infamous Log4Shell flaw (CVE-2021-44228) rated at the maximum CVSS score of 10.0. This fi...
一份来自代码依赖扫描的报告显示,Apache Log4j 2.6.1 版本的核心库 `log4j-core-2.6.1.jar` 存在三个严重漏洞,其中最高严重性评分为 CVSS 10.0 满分。该版本作为直接依赖项被广泛使用,意味着大量基于 Java 的应用程序和服务面临潜在远程代码执行风险。漏洞利用成熟度被评估为“高”,且利用预测评分系统(EPSS)显示攻击概率高达 94.4%,表明该组件已成为活跃攻击的明确目标。 具体漏洞包括臭名昭著的 Log4Shell(CVE-2021-44228,CVSS 10.0)、CVE-2021-45046 以及一个更早的 CVE-2017-5645(CVSS 9.8)。报告明确指出,这些漏洞均...
A direct dependency scan has flagged the Apache Log4j library version 2.8.2 as containing two critical, actively exploitable vulnerabilities. The most severe, CVE-2021-44228, carries a maximum CVSS severity score of 10.0, indicating a flaw that is trivial to exploit and can lead to complete system compromise. The secon...
A critical security scan has flagged the Apache Log4j library version 2.6.1 as containing three severe vulnerabilities, including the infamous Log4Shell flaw with a maximum CVSS score of 10.0. This finding indicates that software projects still relying on this outdated and vulnerable version are exposed to immediate an...
A critical security alert has been flagged for the widely used Apache Log4j logging library. The specific version `log4j-core-2.8.2.jar` contains two severe vulnerabilities, with the highest-rated flaw, CVE-2021-44228, scoring a maximum 10.0 on the CVSS severity scale. This represents an immediate and severe risk to an...
A critical vulnerability in Apache Log4j 2, designated CVE-2021-44228, exposes countless systems to remote code execution. The flaw resides in the library's JNDI lookup feature, allowing attackers who can control log messages or parameters to execute arbitrary code loaded from external LDAP and other JNDI-related endpo...
A critical vulnerability in the ubiquitous Apache Log4j logging library has been detected, exposing countless applications to potential remote code execution. The flaw, tracked as CVE-2021-44228, resides in versions 2.0-beta9 through 2.15.0, excluding specific security patches. The vulnerability is in the library's JND...
A critical security scan has flagged the Apache Log4j library version 2.6.1 as containing multiple severe vulnerabilities, including the infamous Log4Shell flaw rated with a maximum CVSS score of 10.0. The findings, automatically generated from a dependency analysis, reveal that the `log4j-core-2.6.1.jar` file is a dir...
A direct project dependency on the outdated `log4j-core-2.8.2.jar` library exposes a system to two critical, actively exploitable vulnerabilities, including the infamous Log4Shell flaw with a maximum CVSS score of 10.0. This finding, surfaced by automated security scanning, indicates a severe and immediate risk of remo...
A critical security scan has flagged the Apache Log4j library version 2.6.1 as containing three severe vulnerabilities, including the infamous Log4Shell flaw with a maximum CVSS severity score of 10.0. This finding indicates that software projects still relying on this outdated version are actively exposed to one of th...
A critical security alert has been triggered for the Apache Log4j library version 2.8.2, exposing systems to two severe vulnerabilities with the highest possible severity rating of 10.0 on the CVSS scale. The findings, flagged in a software dependency scan, indicate a direct and exploitable weakness in a foundational l...
A critical security scan has flagged the Apache Log4j library version 2.6.1 as containing three severe vulnerabilities, including the infamous Log4Shell flaw with a maximum CVSS score of 10.0. The findings, reported via a GitHub issue, indicate the vulnerable `log4j-core-2.6.1.jar` file is a direct dependency in a proj...
A direct dependency scan has flagged the legacy library `log4j-core-2.8.2.jar` as containing two critical, actively exploitable vulnerabilities. The most severe, CVE-2021-44228, carries a maximum CVSS score of 10.0, indicating a flaw that allows for remote code execution with no authentication required. The second, CVE...
Apache Log4j 2.8.2 版本的核心库 `log4j-core-2.8.2.jar` 被安全扫描工具标记为存在两个严重漏洞,其中 CVE-2021-44228 的 CVSS 评分达到最高的 10.0 分,意味着其可利用性和潜在影响均为最高级别。另一个漏洞 CVE-2021-45046 的 CVSS 评分也高达 9.0 分。这两个漏洞的利用成熟度均被评估为“高”,且 EPSS(漏洞利用预测评分系统)概率均超过 94%,表明其在野外被利用的风险极高。 这两个漏洞均直接影响 `log4j-core-2.8.2.jar` 库。CVE-2021-44228 的修复版本包括 `log4j-core` 的 2.3.1、2.12.2 ...
A critical security scan reveals that the widely used Apache Log4j library version 2.6.1 contains three severe vulnerabilities, including the infamous Log4Shell flaw rated with a maximum CVSS score of 10.0. This finding indicates that systems still relying on this outdated version remain actively exposed to remote code...
一份来自 GitHub 依赖扫描的自动化报告揭示,一个广泛使用的旧版 Apache Log4j 核心库 jar 文件内嵌了三个已知的严重漏洞,其中 CVE-2021-44228(Log4Shell)的 CVSS 评分高达满分 10.0。该漏洞的利用成熟度被评估为“高”,且 EPSS(漏洞被利用概率评分)高达 94.4%,表明其被主动利用的风险极高。这份报告直接指向项目依赖文件 `/pom.xml` 中引用的 `log4j-core-2.6.1.jar`,意味着任何仍在使用此版本的项目都暴露在远程代码执行的严重威胁之下。 报告详细列出了三个漏洞:除了臭名昭著的 Log4Shell (CVE-2021-44228),还包括 CVE-2...
A critical, actively exploitable vulnerability has been detected within a software project's core dependencies. The flaw, identified as CVE-2021-44228, resides in the Apache Log4j library version 2.6.1, a ubiquitous logging component used across millions of applications worldwide. This is not a theoretical threat; the ...
A critical vulnerability in the ubiquitous Apache Log4j logging library has been detected, exposing countless systems to remote code execution. The flaw, tracked as CVE-2021-44228, resides in versions 2.0-beta9 through 2.15.0 (excluding specific security patches). The vulnerability allows an attacker who can control lo...
A critical, actively exploitable remote code execution vulnerability has been identified in Apache Log4j2, one of the most ubiquitous logging libraries in the Java ecosystem. Designated CVE-2021-44228, this flaw allows attackers who can control log messages or parameters to execute arbitrary code on affected systems. T...