AVG-2626 log
| Package | zaproxy |
| Status | Fixed |
| Severity | Critical |
| Type | arbitrary code execution |
| Affected | 2.11.1-1 |
| Fixed | 2.11.1-2 |
| Current | 2.14.0-1 [extra] |
| Ticket | FS#72975 |
| Created | Sun Dec 12 21:06:26 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-44228 | Critical | Yes | Arbitrary code execution | Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI... |
| References |
|---|
https://github.com/zaproxy/zaproxy/commit/34eb21e21c06939375d875296ca6ba3af81c0c12 |