AVG-2626 log

Package zaproxy
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 2.11.1-1
Fixed 2.11.1-2
Current 2.15.0-1 [extra]
Ticket FS#72975
Created Sun Dec 12 21:06:26 2021
Issue Severity Remote Type Description
CVE-2021-44228 Critical Yes Arbitrary code execution
Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI...
References
https://github.com/zaproxy/zaproxy/commit/34eb21e21c06939375d875296ca6ba3af81c0c12