Package impact
Maven / org.zenframework.z8.dependencies.commons:log4j-1.2.17
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23307 | high | 8.8 | 8.8 | 4y ago | Deserialization of Untrusted Data in Apache Log4j | |||
| CVE-2022-23302 | high | 8.8 | 8.8 | 4y ago | Deserialization of Untrusted Data in Log4j 1.x | |||
| CVE-2021-4104 | high | — | 8.0 | 5y ago | JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectio… |