What is GHSA-7rjr-3q55-vv33?

Incomplete fix for Apache Log4j vulnerability This vulnerability has been assigned a severity rating of CRITICAL.

How do I check if my project is affected by GHSA-7rjr-3q55-vv33?

Use GeekWala's free vulnerability scanner to check your dependencies against GHSA-7rjr-3q55-vv33 and 200,000+ other known vulnerabilities. Upload your package.json, requirements.txt, or other dependency file to get instant results.

Loading...

GHSA-7rjr-3q55-vv33 — CRITICAL Severity Vulnerability

Incomplete fix for Apache Log4j vulnerability CVSS base score is 3.1 (CRITICAL severity). The EPSS exploit prediction model gives this CVE a 94.3% probability of exploitation in the next 30 days, placing it in the 100th percentile of all tracked vulnerabilities. This vulnerability is on the CISA Known Exploited Vulnerabilities catalog — meaning active in-the-wild exploitation has been confirmed by federal sources. Federal civilian agencies must remediate by May 22, 2023. Affects 6 packages across the dependency graph; review the affected version ranges below and upgrade to a fixed release where available.

Home
Vulnerabilities
GHSA-7rjr-3q55-vv33

org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
Maven dependency scanner
org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
org.apache.logging.log4j:log4j-core (maven) security
org.apache.logging.log4j:log4j-core (maven) security
Run a free scan
Understanding CVEs and EPSS