CVE-2021-45046β€”Apache Log4j2 Deserialization of Untrusted Data Vulnerability

PUBLISHEDvulnerability record
2023-05-01 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2021-45046
Project:
Apache
Product:
Log4j2
Date Added:
2023-05-01
Due Date:
2023-05-22
Last Updated:
June 21, 2025

Vulnerability Name

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Description

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply updates per vendor instructions.

Additional Notes

Related Weaknesses