Package impact
Maven / org.apache.logging.log4j:log4j-core
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2021-44228 | critical | — | 10.0 | 5y ago | Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. | |
| CVE-2017-5645 | critical | 9.8 | 9.8 | 9y ago | Deserialization of Untrusted Data in Log4j | |
| CVE-2021-45046 | unknown | — | 1.5 | 5y ago | Incomplete fix for Apache Log4j vulnerability | |
| CVE-2026-34478 | unknown | — | — | 2mo ago | Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility | |
| CVE-2026-34480 | unknown | — | — | 2mo ago | Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters | |
| CVE-2021-44832 | unknown | — | — | 5y ago | Improper Input Validation and Injection in Apache Log4j2 |