Based on existing CPEs, I think it would look something like: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* up to version 2.14.1 are affected.
On Mon, Dec 13, 2021 at 3:31 AM Volkan Yazıcı <vol...@yazi.ci> wrote: > > Mind somebody helping with LOG4J2-3213 > <https://issues.apache.org/jira/browse/LOG4J2-3213>, please? I have no idea > how this entire CVE process is managed and updated. I would appreciate it > if the one who performs the correction can also share how he/she did that. > So that next time first-timers like me can also help.