Recipe Name:
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
Description:
Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
Level:
error
Language:
- java
- kotlin
Tags:
- Log4j
- OWASP Top 10
- SLF4J
- basic protection set
- framework specific
- injection
- logging
- security
Recipe
id: scw:logging:log4j:log4shell
version: 10
metadata:
  name: Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
  shortDescription: Vulnerable Log4j version - Log4Shell/CVE-2021-44228/CVE-2021-45046/CVE-2021-45105
  level: error
  language: java; kotlin
  scwCategory: vulncomponents:known
  cweCategory: 20
  enabled: true
  tags: Log4j;OWASP Top 10;SLF4J;basic protection set;framework specific;injection;logging;security
search:
  class: {}
scopes:
  library:
    not:
      anyOf:
      - minVersion: 2.17.0
        name:
          contains: org.apache.logging.log4j:log4j-core
      - minVersion: 2.13.1
        name:
          contains: org.apache.logging.log4j:log4j-core
        maxVersion: 2.13.9999
      - minVersion: 2.3.1
        name:
          contains: org.apache.logging.log4j:log4j-core
        maxVersion: 2.3.9999
    name:
      contains: org.apache.logging.log4j:log4j-core
availableFixes:
- name: Read about Log4Shell vulnerability (CVE-2021-44228,CVE-2021-45046)
  actions:
  - goto:
      type: URL
      value: https://log4shell.com/
- name: Upgrade to Log4j 2.17.0 or higher (edit pom.xml/build.gradle)
  actions:
  - goto:
      type: URL
      value: https://search.maven.org/artifact/org.apache.logging.log4j/log4j-core