Matt, I see that it is fixed in https://nvd.nist.gov/vuln/detail/CVE-2021-44228 Did you do it? If so, 1. How did you come up with CPEs? 2. How did you edit the CVE?
On Mon, Dec 13, 2021 at 6:50 PM Matt Sicker <[email protected]> wrote: > Based on existing CPEs, I think it would look something like: > > cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:* up to version 2.14.1 are affected. > > On Mon, Dec 13, 2021 at 3:31 AM Volkan Yazıcı <[email protected]> wrote: > > > > Mind somebody helping with LOG4J2-3213 > > <https://issues.apache.org/jira/browse/LOG4J2-3213>, please? I have no > idea > > how this entire CVE process is managed and updated. I would appreciate it > > if the one who performs the correction can also share how he/she did > that. > > So that next time first-timers like me can also help. >
