Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) do not protect against uncontrolled recursion from self-referential lookups (CVE-2021-45105). An attacker who controls Thread Context Map (MDC) data can supply a crafted string that, when interpreted by a logging configuration whose Pattern Layout uses a Context Lookup (for example $${ctx:loginId}), is expanded again and again until the JVM runs out of stack and throws a StackOverflowError, causing a denial of service. The issue is fixed in Log4j 2.17.0 (Java 8), 2.12.3 (Java 7) and 2.3.1 (Java 6).
The severity is rated Medium, with a CVSS v3.1 base score of 5.9 (Apache rates it Moderate). The impact is to availability only: an attacker who can get a crafted value into the Thread Context Map, for instance a user-supplied login ID or request header that the application stores in the MDC, can crash the logging thread or the whole application. Because exploitation requires a non-default configuration, organizations should first check their Pattern Layouts for Context Lookups (${ctx:...} or $${ctx:...}) and then upgrade; where an upgrade cannot be deployed immediately, replacing those lookups with the %X, %mdc or %MDC pattern converters removes the recursion, since those converters print the value without evaluating lookups inside it.
As of now, no public exploit has been confirmed for this vulnerability, but because the attack only requires control over a value that ends up in the Thread Context Map, it remains important for defenders to apply the latest security updates to protect their systems.
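The following is an added, constructed model of the mechanism described above; it is not Log4j's StrSubstitutor code, and the real 2.17.0 fix differs in detail. It implements a minimal ${prefix:key:-default} expander that, like Log4j, re-scans every resolved value for further lookups. With no bound on that re-scan, an MDC value that refers to itself (the constructed attacker input here) recurses until Python raises RecursionError, standing in for the JVM's StackOverflowError; the hardened variant refuses nesting beyond an illustrative MAX_DEPTH and leaves the remaining marker literal. The names expand_unbounded, expand_bounded, crashes and MAX_DEPTH are this example's own.

```python
"""Toy model of Log4j2-style ${...} lookup expansion (constructed example,
not Log4j code): shows why re-scanning a resolved value without a depth
bound lets a self-referential Thread Context value exhaust the stack."""
from typing import Mapping, Optional

# Illustrative nesting bound for the hardened variant (an assumption of this
# model, not a Log4j constant).
MAX_DEPTH = 8


def _lookup(body: str, ctx: Mapping[str, str]) -> Optional[str]:
    """Resolve one marker body such as 'ctx:loginId' or 'ctx:ip:-unknown'.

    Only the 'ctx' prefix (Thread Context Map) is modelled; the ':-' default
    syntax is kept because fragments like ${::-ctx} can assemble new markers.
    """
    name, has_default, default = body.partition(":-")
    prefix, _, key = name.partition(":")
    if prefix == "ctx" and key in ctx:
        return ctx[key]
    return default if has_default else None


def _matching_brace(text: str, i: int) -> int:
    """Index of the '}' closing the '${' whose body starts at i, or -1."""
    level = 1
    while i < len(text):
        if text.startswith("${", i):
            level += 1
            i += 2
        else:
            if text[i] == "}":
                level -= 1
                if level == 0:
                    return i
            i += 1
    return -1


def _expand(text: str, ctx: Mapping[str, str], depth: int, limit: Optional[int]) -> str:
    """Expand every ${...} in text. A resolved value is itself expanded
    (re-scanned); that re-scan is the recursion point. limit=None never stops it."""
    if limit is not None and depth > limit:
        return text                      # fail safe: leave remaining markers literal
    out, i = [], 0
    while i < len(text):
        if text.startswith("${", i):
            j = _matching_brace(text, i + 2)
            if j != -1:
                body = _expand(text[i + 2:j], ctx, depth + 1, limit)
                value = _lookup(body, ctx)
                out.append("${" + body + "}" if value is None
                           else _expand(value, ctx, depth + 1, limit))
                i = j + 1
                continue
        out.append(text[i])
        i += 1
    return "".join(out)


def expand_unbounded(text: str, ctx: Mapping[str, str]) -> str:
    """Vulnerable model: unlimited re-scanning of resolved values."""
    return _expand(text, ctx, 0, None)


def expand_bounded(text: str, ctx: Mapping[str, str]) -> str:
    """Hardened model: nesting deeper than MAX_DEPTH is refused."""
    return _expand(text, ctx, 0, MAX_DEPTH)


def crashes(text: str, ctx: Mapping[str, str]) -> bool:
    """True if the unbounded expander blows the stack (RecursionError here
    stands in for the JVM's StackOverflowError)."""
    try:
        expand_unbounded(text, ctx)
        return False
    except RecursionError:
        return True


if __name__ == "__main__":
    # Pattern as seen at log time (the config-time $${ctx:loginId} escape has
    # already become ${ctx:loginId}).
    pattern = "user=${ctx:loginId} ip=${ctx:ip:-unknown}"
    print(expand_unbounded(pattern, {"loginId": "alice"}))   # user=alice ip=unknown
    # Constructed attacker-controlled MDC entry that refers back to itself.
    evil = {"loginId": "${ctx:loginId}"}
    print("unbounded crashes:", crashes(pattern, evil))       # True
    print(expand_bounded(pattern, evil))                      # user=${ctx:loginId} ip=unknown
```

The bounded variant leaves the unexpandable marker in the log line rather than throwing, because a logging call that raises is itself a denial-of-service lever; a production fix would also log or meter the refusal so the attempt is visible to detection.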
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.