Package impact
Maven / org.apache.logging.log4j:log4j-core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-44228 | critical | — | 10.0 | 5y ago | Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. | |||
| CVE-2017-5645 | critical | 9.8 | 9.8 | 9y ago | Deserialization of Untrusted Data in Log4j | |||
| CVE-2021-44832 | medium | 6.6 | 6.6 | 5y ago | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender wit… | |||
| CVE-2026-34477 | medium | 5.9 | 5.9 | 2mo ago | Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration | |||
| CVE-2021-45105 | medium | 5.9 | 5.9 | 5y ago | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thre… |