This repository provides CISA's guidance and an overview of related software regarding the Log4j vulnerability (CVE-2021-44228). CISA encourages users and administrators to review the official Apache release and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.
Official CISA Guidance & Resources:

- Webpage: CISA Apache Log4j Vulnerability Guidance
- CISA Director Jen Easterly's Statement: Statement from CISA Director Easterly on “Log4j” Vulnerability
- CISA Current Activity Alerts:
  - Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation
  - CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228
- National Vulnerability Database (NVD) Information: CVE-2021-44228

CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not exhaustive and will be updated continuously. If you have additional information relevant to the Log4j vulnerability, please feel free to open an issue here. We have a template available for your submission. Please also feel free to submit a pull request.

Status | Description |
---|---|
Unknown | Status unknown. Default choice. |
Affected | Reported to be affected by CVE-2021-44228. |
Not Affected | Reported to NOT be affected by CVE-2021-44228 and no further action necessary. |
Fixed | Patch and/or mitigations available (see provided links). |
Under Investigation | Vendor investigating status. |

Vendor | Product | Version | Status | Update Available | Vendor Link | Notes | Other References | Last Updated |
---|---|---|---|---|---|---|---|---|
Sample-Vendor | Product-A | 1.15.0 | Affected | Yes/No | Update Link Here | <Statement by vendor, vuln note, etc.> | Link Here | 12/11/2021 |