Lucene search
K

141 matches found

NVD
NVD
added 4 days ago5 views

CVE-2026-49844

Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...

6.3CVSS0.0078EPSS
Exploits0References4
CVE
CVE
added 4 days ago26 views

CVE-2026-49844

CVE-2026-49844 describes an issue in the Apache Log4j API where MapMessage.asJson() can emit non-finite IEEE 754 values (NaN, Infinity, -Infinity) as bare tokens during JSON serialization. This affects Log4j API versions 2.13.1–2.25.4 and 2.26.0. The fault occurs when a MapMessage contains an att...

6.3CVSS6.1AI score0.0078EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago4 views

org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output

A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This...

7.5CVSS6AI score0.00555EPSS
Exploits0References9
IBM Security Bulletins
IBM Security Bulletins
added 2026/07/04 1:38 a.m.4 views

Security Bulletin: Due to the use of Google Go, IBM Cloud Pak Sys is affected by an infinite loop when unmarshaling certain forms of invalid JSON

Summary Vulnerability in Go used by Cloud Pak System CVE-2024-24786. Vulnerability Details CVEID:CVE-2024-24786 DESCRIPTION: The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which...

7.5CVSS6.7AI score0.01262EPSS
Exploits0Affected Software2
RedHat Linux
RedHat Linux
added 2026/06/02 5:41 p.m.9 views

org.apache.logging.log4j: Apache Log4j JsonTemplateLayout: Denial of Service via invalid JSON output

A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/04/14 11:26 p.m.17 views

SUSE CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

5.3CVSS6.1AI score0.00555EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/13 5:20 p.m.11 views

CVE-2026-34481

A flaw was found in Apache Log4j's JsonTemplateLayout. This vulnerability allows a remote attacker to disrupt log processing systems. By sending log events that include specific non-numeric floating-point values, the attacker can cause the JsonTemplateLayout to generate invalid JSON output. This...

7.5CVSS5.7AI score0.00555EPSS
Exploits0References8
Veracode
Veracode
added 2026/04/11 5:22 a.m.6 views

Improper Output Handling

Apache Log4j is vulnerable to Improper Output Handling. The vulnerability is due to JsonTemplateLayout generating invalid JSON when processing non-finite floating-point values e.g., NaN, Infinity, which are not compliant with RFC 8259, allowing attacker-controlled data in log events to produce...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/04/10 6:31 p.m.13 views

EUVD-2026-21412

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

6.3CVSS5.8AI score0.00555EPSS
Exploits0References7
OSV
OSV
added 2026/04/10 6:31 p.m.4 views

GHSA-W35J-PV5H-Q9Q9 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...

6.3CVSS5.8AI score0.00555EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/04/10 4:16 p.m.5 views

CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References7
OSV
OSV
added 2026/04/10 4:16 p.m.15 views

UBUNTU-CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

7.5CVSS5.8AI score0.00555EPSS
Exploits0References8
Debian CVE
Debian CVE
added 2026/04/10 3:43 p.m.6 views

CVE-2026-34481

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

7.5CVSS6AI score0.00555EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/04/10 3:43 p.m.4 views

CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

6.3CVSS6.1AI score0.00555EPSS
Exploits0References5
CVE
CVE
added 2026/04/10 3:43 p.m.61 views

CVE-2026-34481

CVE-2026-34481 affects Apache Log4j’s JsonTemplateLayout. Versions up to 2.25.3 produce invalid JSON when log events contain non-finite floating-point values (NaN, Infinity, -Infinity), violating RFC 8259 and potentially causing downstream log processors to reject or fail indexing. Exploitation r...

7.5CVSS6.1AI score0.00555EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/04/10 3:43 p.m.42 views

CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

6.3CVSS0.00555EPSS
Exploits0References5
OSV
OSV
added 2026/04/10 3:43 p.m.2 views

CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. Th...

6.3CVSS6.1AI score0.00555EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.11 views

PT-2026-31943

Name of the Vulnerable Software and Affected Versions Apache Log4j versions up to and including 2.25.3 Description Apache Log4j's JsonTemplateLayout generates invalid JSON output when processing log events that include non-finite floating-point values NaN, Infinity, or -Infinity, violating RFC 82...

7.5CVSS5.7AI score0.00555EPSS
Exploits0References20
Debian CVE
Debian CVE
added 2026/04/08 10:26 p.m.11 views

CVE-2026-1092

Removed by vendor...

7.5CVSS7.3AI score0.00552EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/04/08 12:0 a.m.5 views

GitLab 12.10 < 18.8.9 / 18.9 < 18.9.5 / 18.10 < 18.10.3 (CVE-2026-1092)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause...

7.5CVSS7.4AI score0.00552EPSS
Exploits0References5
Rows per page
Query Builder