CISA Log4j (CVE-2021-44228) Vulnerability Guidance
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Official CISA Guidance & Resources:
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alert: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
National Vulnerability Database (NVD) Information: CVE-2021-44228
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not exhaustive and will be updated continuously. If you have any additional information relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.
Status Descriptions
| Status | Description |
| --- | --- |
| Unknown | Status unknown. Default choice. |
| Affected | Reported to be affected by CVE-2021-44228. |
| Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
| Fixed | Patch and/or mitigations available (see provided links). |
| Under Investigation | Vendor investigating status. |
Software List
| Vendor | Product | Version | Status | Update Available | Notes | References | Last Updated |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Sample-Vendor | Product-A | 1.15.0 | Affected | Yes/No Link | <Statement by vendor, vuln note, etc.> | Link Here | 12/11/2021 |