What is GHSA-8489-44mv-ggj8?

Improper Input Validation and Injection in Apache Log4j2 This vulnerability has been assigned a severity rating of MODERATE.

How do I check if my project is affected by GHSA-8489-44mv-ggj8?

Use GeekWala's free vulnerability scanner to check your dependencies against GHSA-8489-44mv-ggj8 and 200,000+ other known vulnerabilities. Upload your package.json, requirements.txt, or other dependency file to get instant results.

Loading...

GHSA-8489-44mv-ggj8 — MODERATE Severity Vulnerability

Improper Input Validation and Injection in Apache Log4j2 CVSS base score is 3.1 (MODERATE severity). The EPSS exploit prediction model gives this CVE a 53.6% probability of exploitation in the next 30 days, placing it in the 98th percentile of all tracked vulnerabilities. This vulnerability is not currently on the CISA Known Exploited Vulnerabilities catalog. Affects 7 packages across the dependency graph; review the affected version ranges below and upgrade to a fixed release where available.

Home
Vulnerabilities
GHSA-8489-44mv-ggj8

org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
Maven dependency scanner
org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
org.ops4j.pax.logging:pax-logging-log4j2 (maven) security
org.apache.logging.log4j:log4j-core (maven) security
org.apache.logging.log4j:log4j-core (maven) security
org.apache.logging.log4j:log4j-core (maven) security
Run a free scan
Understanding CVEs and EPSS