Package impact
Maven / log4j:log4j
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23305 | critical | 9.8 | 9.8 | 4y ago | RHSA-2022:0290: parfait:0.5 security update (Important) | |||
| CVE-2019-17571 | critical | 9.8 | 9.8 | 7y ago | Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization ga… | |||
| CVE-2023-26464 | unknown | — | — | 3y ago | Apache Log4j 1.x (EOL) allows Denial of Service (DoS) |