3 matches found
Apache Log4j 2.0-alpha1 < 2.25.4 XmlLayout Invalid XML Output (CVE-2026-34480)
The version of Apache Log4j on the remote host is 2.0-alpha1 through 2.25.3. It is, therefore, affected by a vulnerability: - The XmlLayout fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such character...
SUSE CVE-2026-34480
Apache Log4j Core's XmlLayout https://logging.apache.org/log4j/2.x/manual/layouts.htmlXmlLayout , in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/charsets producing invalid XML output whenever a log message or M...
bg.codexio.ai:openai-api-examples (>=0.8.0.BETA <=0.9.0.BETA-JDK17), ch.cern:cerndb-sw-zkpolicy (=1.0.1-21) +307 more potentially affected by CVE-2026-34480 via org.apache.logging.log4j:log4j-core (>=3.0.0-alpha1 <=3.0.0-beta3)
org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-alpha1, =0.8.0.BETA, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 and more Source cves: CVE-2026-34480 Source advisory: OSV:GHSA-3PXV-7CMR-FJR4...