QID 984157

QID 984157: Java (maven) Security Update for org.apache.logging.log4j:log4j-api (GHSA-jfh8-c2jp-5v3q)

Security update has been released for org.apache.logging.log4j:log4j-core,org.apache.logging.log4j:log4j-api to fix the vulnerability. Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues.

Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution
    Customers are advised to refer to GHSA-jfh8-c2jp-5v3q for updates pertaining to this vulnerability.
    Vendor References

    CVEs related to QID 984157

    Software Advisories
    Advisory ID Software Component Link
    GHSA-jfh8-c2jp-5v3q org.apache.logging.log4j:log4j-api URL Logo github.com/advisories/GHSA-jfh8-c2jp-5v3q
    GHSA-jfh8-c2jp-5v3q org.apache.logging.log4j:log4j-core URL Logo github.com/advisories/GHSA-jfh8-c2jp-5v3q