33 lines
1016 B
JSON
33 lines
1016 B
JSON
{
|
|
"sampleId": "sample:java:vulnerable-log4j:001",
|
|
"version": "1.0.0",
|
|
"createdAt": "2025-12-13T12:00:00Z",
|
|
"language": "java",
|
|
"category": "positive",
|
|
"description": "Log4Shell CVE-2021-44228 reachable via JNDI lookup in logging path from HTTP request handler",
|
|
"source": {
|
|
"repository": "synthetic",
|
|
"commit": "synthetic-sample",
|
|
"buildToolchain": "maven:3.9.0,jdk:17"
|
|
},
|
|
"vulnerabilities": [
|
|
{
|
|
"vulnId": "CVE-2021-44228",
|
|
"purl": "pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1",
|
|
"affectedSymbol": "org.apache.logging.log4j.core.lookup.JndiLookup.lookup"
|
|
}
|
|
],
|
|
"artifacts": [
|
|
{
|
|
"path": "artifacts/app.jar",
|
|
"hash": "sha256:0000000000000000000000000000000000000000000000000000000000000004",
|
|
"type": "application/java-archive"
|
|
},
|
|
{
|
|
"path": "artifacts/sbom.cdx.json",
|
|
"hash": "sha256:0000000000000000000000000000000000000000000000000000000000000005",
|
|
"type": "application/vnd.cyclonedx+json"
|
|
}
|
|
]
|
|
}
|