| Apache | Flink | <flink1.15.0,1.14.1,1.13.3|Affected|No| [Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228)](https://flink.apache.org/2021/12/10/log4j-cve.html) |||12/12/2021|
| Apache | Flink | <1.14.2,1.13.5,1.12.7,1.11.6|Fixed|Yes| [Apache Flink: Advise on Apache Log4j Zero Day (CVE-2021-44228)](https://flink.apache.org/2021/12/10/log4j-cve.html) |Toclarifyandavoidconfusion:The1.14.1/1.13.4/1.12.6/1.11.5releases,whichweresupposedtoonlycontainaLog4jupgradeto2.15.0,wereskippedbecauseCVE-2021-45046wasdiscoveredduringthereleasepublication.Thenew1.14.2/1.13.5/1.12.7/1.11.6releasesincludeaversionupgradeforLog4jtoversion2.16.0toaddressCVE-2021-44228andCVE-2021-45046.| [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)|12/12/2021|
| Apache | Kafka | All | Not Affected | No | [Kafka Apache List](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | 12/14/2021 |
| Apache | Kafka | Unknown | Affected | No | [Log4j – Apache Log4j Security Vulnerabilities](https://logging.apache.org/log4j/2.x/security.html)| Only vulnerable in certain configuration(s) | | |