Posted to commits@kafka.apache.org by ju...@apache.org on 2021/12/15 01:23:11 UTC
[kafka-site] branch asf-site updated: Added CVE-2021-45046 (#389)
This is an automated email from the ASF dual-hosted git repository.
junrao pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/kafka-site.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 124f625 Added CVE-2021-45046 (#389)
124f625 is described below
commit 124f625d5e2557d2b8be967f70f8e89542b60f8c
Author: Mukul Khullar - Confluent <74...@users.noreply.github.com>
AuthorDate: Tue Dec 14 17:22:35 2021 -0800
Added CVE-2021-45046 (#389)
---
cve-list.html | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/cve-list.html b/cve-list.html
index b42620d..2bb1e03 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -9,6 +9,34 @@
This page lists all security vulnerabilities fixed in released versions of Apache Kafka.
+<h2><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046">CVE-2021-45046</a>
+ Flaw in Apache Log4j logging library in versions from 2.0-beta9 through 2.12.1 and from 2.13.0 through 2.15.0</h2>
+
+ <p>Some components in Apache Kafka use <code>Log4j-v1.2.17</code> there is no dependence on <code>Log4j v2.*</code>. Check with the vendor of any connector plugin that includes a Log4J 2.x JAR file.</p>
+
+ <p>Users should NOT be impacted by this vulnerability</p>
+
+ <table class="data-table">
+ <tbody>
+ <tr>
+ <td>Versions affected</td>
+ <td>NA</td>
+ </tr>
+ <tr>
+ <td>Fixed versions</td>
+ <td>NA</td>
+ </tr>
+ <tr>
+ <td>Impact</td>
+ <td>NA</td>
+ </tr>
+ <tr>
+ <td>Issue announced</td>
+ <td>14 Dec 2021</td>
+ </tr>
+ </tbody>
+ </table>
+
<h2><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228">CVE-2021-44228</a>
Flaw in Apache Log4j logging library in versions from 2.0.0 and before 2.15.0</h2>
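Review bot: The added paragraph beginning "Some components in Apache Kafka use" is a run-on and spells the library three ways (`Log4j-v1.2.17`, `Log4j v2.*`, `Log4J 2.x`). Split it into two sentences, for example "Some components in Apache Kafka use Log4j 1.2.17; there is no dependency on Log4j 2.x.", and use one spelling throughout. The next added line, "Users should NOT be impacted by this vulnerability", is missing its closing period. It also reads as unconditional, although the sentence before it tells users to check with the vendor of any connector plugin that includes a Log4j 2.x JAR. Scoping the statement to Kafka itself and tying it to the plugin caveat would keep readers who run third-party connectors from concluding that no check is needed.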