3 matches found
CVE-2026-40023 Apache Log4cxx, Apache Log4cxx (Conan), Apache Log4cxx (Brew): Silent log event loss in XMLLayout due to unescaped XML 1.0 forbidden characters
Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx11xml11XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets in log messages, NDC, and MDC property keys and values, producin...
PT-2025-34481
Name of the Vulnerable Software and Affected Versions: Apache Log4cxx versions prior to 1.5.0 Description: Apache Log4cxx contains an Improper Output Neutralization for Logs issue. When using HTMLLayout, logger names are not properly escaped when writing to an HTML file. If untrusted data is used...
log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender
A flaw was found in the Java logging library Apache Log4j in version 1.x. JDBCAppender in Log4j 1.x is vulnerable to SQL injection in untrusted data. This allows a remote attacker to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain...