Skip to content

Invalidate CVE-2021-45105 in org.apache.logging.log4j:log4j-api

The vulnerability is in org.apache.logging.log4j:log4j-core, not org.apache.logging.log4j:log4j-api

Other database correctly indicate that this vulnerability doesn't apply to log4j-api and only applies to log4j-core, such as GitHub's at https://github.com/advisories/GHSA-p6xc-xr62-6r2g

Merge request reports