7 matches found
EUVD-2026-43102
Improper encoding of non-finite floating-point values during MapMessage JSON serialization in Apache Log4j API produces output that is not valid JSON. This issue affects Apache Log4j API versions 2.13.1 through 2.25.4 and version 2.26.0. The fix for CVE-2026-34481 did not cover all code paths: wh...
CVE-2026-49844
CVE-2026-49844 describes an issue in the Apache Log4j API where MapMessage.asJson() can emit non-finite IEEE 754 values (NaN, Infinity, -Infinity) as bare tokens during JSON serialization. This affects Log4j API versions 2.13.1–2.25.4 and 2.26.0. The fault occurs when a MapMessage contains an att...
PT-2026-57319
Name of the Vulnerable Software and Affected Versions Apache Log4j API versions 2.13.1 through 2.25.4 Apache Log4j API version 2.26.0 Description Improper encoding of non-finite IEEE 754 floating-point values NaN, Infinity, or -Infinity during MapMessage JSON serialization produces output that is...
io.github.braully:bpp-cobranca (>=1.0.0 <=1.0.1), org.opencadc:cadc-access-control (>=1.1.21 <=1.1.31) +78 more potentially affected by CVE-2026-34479 via org.apache.logging.log4j:log4j-1.2-api (=3.0.0-beta2)
org.apache.logging.log4j:log4j-1.2-api MAVEN version =3.0.0-beta2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.logging.log4j:log4j-1.2-api and may be impacted: - io.github.braully:bpp-cobranca =1.0.0, =1.1.21, =1.0.8, =1.2.0, =1.1.10, =1....
Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)
Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...
Apache Log4j allows insecure JNDI lookups
Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...
GHSA-JFH8-C2JP-5V3Q Remote code injection in Log4j
Summary Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per Apache's Log4j security guide: Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and...