Fix affected_range version to match apache and nist CVE-2021-45046 (!25047) · Merge requests · GitLab.org / security-products / advisory-database · GitLab

Ben Griffiths requested to merge whostolebenfrog/gemnasium-db:2021-45046-version-range-fix into master Aug 02, 2023

Looking at Apache's security fix page, this vulnerability was actually fixed in 2.16.0 not 2.17.0. https://logging.apache.org/log4j/2.x/security.html

NIST also has this as fixed in 2.16.0

https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Many thanks!