Created
March 14, 2023 11:26
-
-
Save lulf/2fb7467978fb73cbe5ed9af10a9bbcde to your computer and use it in GitHub Desktop.
output
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| evaluate pattern: vuln::not-affected | |
| { | |
| "name": "vuln::not-affected", | |
| "input": "<collapsed>", | |
| "satisfied": false, | |
| "rationale": [ | |
| { | |
| "name": "list::none", | |
| "input": [ | |
| { | |
| "action_statement": "Review GHSA-7rjr-3q55-vv33 for details on the appropriate action", | |
| "action_statement_timestamp": "2023-03-14T11:26:18.107597140Z", | |
| "products": [ | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.15.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9" | |
| ], | |
| "status": "affected", | |
| "status_notes": "Open Source Vulnerabilities (OSV) found vulnerabilities", | |
| "timestamp": "2023-03-09T05:39:44.626998Z", | |
| "vuln_description": "Incomplete fix for Apache Log4j vulnerability", | |
| "vulnerability": "GHSA-7rjr-3q55-vv33" | |
| }, | |
| { | |
| "action_statement": "Review GHSA-8489-44mv-ggj8 for details on the appropriate action", | |
| "action_statement_timestamp": "2023-03-14T11:26:18.107624593Z", | |
| "products": [ | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.15.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.17.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.2" | |
| ], | |
| "status": "affected", | |
| "status_notes": "Open Source Vulnerabilities (OSV) found vulnerabilities", | |
| "timestamp": "2023-03-07T05:45:26.530365Z", | |
| "vuln_description": "Improper Input Validation and Injection in Apache Log4j2", | |
| "vulnerability": "GHSA-8489-44mv-ggj8" | |
| }, | |
| { | |
| "action_statement": "Review GHSA-jfh8-c2jp-5v3q for details on the appropriate action", | |
| "action_statement_timestamp": "2023-03-14T11:26:18.107654445Z", | |
| "products": [ | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6" | |
| ], | |
| "status": "affected", | |
| "status_notes": "Open Source Vulnerabilities (OSV) found vulnerabilities", | |
| "timestamp": "2023-03-12T05:37:05.056138Z", | |
| "vuln_description": "Remote code injection in Log4j", | |
| "vulnerability": "GHSA-jfh8-c2jp-5v3q" | |
| }, | |
| { | |
| "action_statement": "Review GHSA-p6xc-xr62-6r2g for details on the appropriate action", | |
| "action_statement_timestamp": "2023-03-14T11:26:18.107693571Z", | |
| "products": [ | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.15.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.16.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.3" | |
| ], | |
| "status": "affected", | |
| "status_notes": "Open Source Vulnerabilities (OSV) found vulnerabilities", | |
| "timestamp": "2023-03-09T05:39:46.613343Z", | |
| "vuln_description": "Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion", | |
| "vulnerability": "GHSA-p6xc-xr62-6r2g" | |
| }, | |
| { | |
| "action_statement": "Review GHSA-vwqq-5vrc-xw9h for details on the appropriate action", | |
| "action_statement_timestamp": "2023-03-14T11:26:18.107761899Z", | |
| "products": [ | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.10.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-rc1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta9", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-alpha1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta5", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.13.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.4.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta8", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.13.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta9", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.8", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.9.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta4", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.11.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.6.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta7", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.12.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-alpha2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta3", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.3.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.7", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.6.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-alpha2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.5", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-rc1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.12.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.7", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.10.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.11.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.3.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta3", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.8.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.12.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.3.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.5", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.12.4", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.13.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.8.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.8.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.12.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.9.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta8", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-rc2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta7", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.6.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta4", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.11.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.11.2", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.9.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0-beta2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.1", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.12.0", | |
| "pkg:maven/org.apache.logging.log4j/log4j-core@2.0-beta2", | |
| "pkg:maven/org.apache.logging.log4j/log4j@2.0.2" | |
| ], | |
| "status": "affected", | |
| "status_notes": "Open Source Vulnerabilities (OSV) found vulnerabilities", | |
| "timestamp": "2023-03-11T05:41:49.563071Z", | |
| "vuln_description": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender", | |
| "vulnerability": "GHSA-vwqq-5vrc-xw9h" | |
| } | |
| ], | |
| "satisfied": false | |
| } | |
| ] | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment