CVE-2021-45046

Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. Vendor/Product: Apache Log4j2. Added to CISA KEV 2023-05-01; required action: Apply updates per vendor instructions.