CVE-2021-45046: Apache Log4j2 Deserialization of Untrusted Data
Apache Log4j2 contains a deserialization of untrusted data vulnerability caused by the incomplete fix for CVE-2021-44228: the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.
- CISA KEV-listed (remediation due 2023-05-22)
- used in ransomware campaigns
- EPSS 94.3% (100.0% percentile)