Posted to commits@logging.apache.org by vy...@apache.org on 2022/08/07 19:30:23 UTC
[logging-log4j2] branch release-2.x updated: Fix version typos in security page.
This is an automated email from the ASF dual-hosted git repository.
vy pushed a commit to branch release-2.x
in repository https://gitbox.apache.org/repos/asf/logging-log4j2.git
The following commit(s) were added to refs/heads/release-2.x by this push:
new 40214e87c4 Fix version typos in security page.
40214e87c4 is described below
commit 40214e87c46c9534abcd8c5abf2b154f4c561002
Author: Volkan Yazıcı <vo...@yazi.ci>
AuthorDate: Sun Aug 7 21:30:22 2022 +0200
Fix version typos in security page.
---
src/site/markdown/security.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/site/markdown/security.md b/src/site/markdown/security.md
index aeccf9c685..d852acb303 100644
--- a/src/site/markdown/security.md
+++ b/src/site/markdown/security.md
@@ -54,7 +54,7 @@ Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configu
| --------------- | -------- |
| Severity | Moderate |
| Base CVSS Score | 6.6 (AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H) |
-| Versions Affected | All versions from 2.0-alpha7 to 2.17.0, excluding 2.3.2 and 2.12.4 |
+| Versions Affected | All versions from 2.0-beta7 to 2.17.0, excluding 2.3.2 and 2.12.4 |
### Description
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to
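Review bot: The lower bound in the `Versions Affected` row is a second copy of the one in the Description paragraph ("2.0-beta7 through 2.17.0"), and the two had drifted apart. The new value agrees with the Description, but the edit narrows the stated range (2.0-alpha7 to 2.0-beta7), so readers on releases before 2.0-beta7 will now read themselves as unaffected. Please confirm the bound against the published advisory for this issue in the same change, and consider stating the range in one place only so the row and the paragraph cannot disagree again.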
@@ -114,7 +114,7 @@ Apache Log4j2 does not always protect from infinite recursion in lookup evaluati
| --------------- | -------- |
| Severity | Moderate |
| Base CVSS Score | 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) |
-| Versions Affected | All versions from 2.0-beta9 to 2.16.0, excluding 2.12.3 |
+| Versions Affected | All versions from 2.0-alpha1 to 2.16.0, excluding 2.12.3 |
### Description
Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, did not protect from uncontrolled recursion from self-referential lookups.
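Review bot: In the `Versions Affected` row, moving the lower bound from 2.0-beta9 to 2.0-alpha1 widens the affected range, which is more than the "typos" the commit subject describes. The new value matches the Description line ("2.0-alpha1 through 2.16.0, excluding 2.12.3"), so the correction itself looks right. Suggest noting in the commit message or the site changelog that the stated range grew, so anyone who relied on the old row to rule out releases before 2.0-beta9 knows to recheck.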