Programmer DD

Dec 29, 2021 · Information Security

Log4j 2.17.0 Still Vulnerable: CVE‑2021‑44832 Details and Fixes

The Log4j 2.17.0 release still contains a medium‑severity vulnerability (CVE‑2021‑44832) in the JDBCAppender that allows remote code execution via JNDI, affecting versions up to 2.17.0, and can be mitigated by upgrading to the appropriate patched version for each Java runtime.