mirror of
https://github.com/cisagov/log4j-affected-db.git
synced 2024-11-22 16:40:48 +00:00
A community sourced list of log4j-affected software
README.md |
CISA Log4j (CVE-2021-44228) Vulnerability Guidance
This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Official CISA Guidance & Resources:
CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability.
CISA Current Activity Alert: Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
National Vulnerability Database (NVD) Information: CVE-2021-44228
CISA will maintain a list of all known affected and not affected software regarding the Log4j vulnerability.
Software List
Vendor | Product | Version | Status | Patch Available | Mitigation Available | Vulnerability Notes | Related Links | Date Last Updated |
---|---|---|---|---|---|---|---|---|
Sample-Vendor | Product-A | 1.15.0, 1.14.0, 1.13.0, 1.12.0 | Affected/Not Affected | Yes/No Link | Yes/No Link | <Statement by vendor, vuln note, etc.> | Link Here | 12/11/2021 |