Package impact
Maven / org.apache.logging.log4j:log4j-core
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-45046 | unknown | — | 2.5 | | | | 5y ago | Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in… |
| CVE-2026-34478 | unknown | — | — | | | | 2mo ago | Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility |
| CVE-2026-34480 | unknown | — | — | | | | 2mo ago | Apache Log4j Core's [XmlLayout](https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 spec… |
| CVE-2025-68161 | unknown | — | — | | | | 6mo ago | Apache Log4j does not verify the TLS hostname in its Socket Appender |
| CVE-2023-26464 | unknown | — | — | | | | 3y ago | Apache Log4j 1.x (EOL) allows Denial of Service (DoS) |