Apache said version 2.16 "does not always protect from infinite recursion in lookup evaluation" and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the ...
Three months after the Apache Foundation disclosed the infamous Log4j vulnerability [CVE-2021-44228] and issued a fix for it, more than 4 in 10 downloads of the logging tool from the Maven Central Java ...
A month after the disclosure of CVE-2021-44228, aka Log4Shell, a critical vulnerability in the Apache Log4j Java package, up to 40% of new downloads are still at risk of compromise despite the ...