VIR Vulnerability Intelligence Relay

Package impact

java Maven / org.apache.logging.log4j:log4j-core

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2021-44228 critical 10.0 5y ago Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. archdebiansusejava
CVE-2017-5645 critical 9.8 9.8 9y ago Deserialization of Untrusted Data in Log4j debiansuseredhatjava+1
CVE-2026-34477 medium 5.9 5.9 2mo ago Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration debiansusejavaapache