CVE-2021-45046βApache Log4j2 Deserialization of Untrusted Data Vulnerability
PUBLISHEDvulnerability record
2023-05-01 Β· last modified June 21, 2025
Metadata
Vulnerability Name
Apache Log4j2 Deserialization of Untrusted Data Vulnerability
Description
Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
Known To Be Used in Ransomware Campaigns?
Action
Apply updates per vendor instructions.