
11 matches found

OSV
added 2026/04/10 6:31 p.m. | 1 view

GHSA-W35J-PV5H-Q9Q9 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout

Apache Log4j's JsonTemplateLayout, in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values NaN, Infinity, or -Infinity, which are prohibited by RFC 8259. This may cause downstream log processing systems to reject or fail to ind...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00055
Exploits: 0 | References: 8
Redos
added 2025/11/05 12:0 a.m. | 3 views

ROS-20251105-03

A vulnerability in the Apache Log4cxx C++ logging framework is related to insufficient cleanup of the user-supplied data when using an ODBC appender to send log messages to a database. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQL queries in th...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00985
Exploits: 1
Debian
added 2025/10/04 10:46 p.m. | 2 views

[SECURITY] [DLA 4322-1] log4cxx security update

Debian LTS Advisory DLA-4322-1 [email protected] https://www.debian.org/lts/security/ Lukas Märdian October 05, 2025 https://wiki.debian.org/LTS Package : log4cxx Version : 0.11.0-2+deb11u1 CVE ID : CVE-2025-54812 CVE-2025-54813 Debian Bug : 1111879 1111881 Multiple vulnerabilities were...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.0049
Exploits: 0
Tenable Nessus
added 2025/10/04 12:0 a.m. | 2 views

Debian dla-4322 : liblog4cxx-dev - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4322 advisory. Debian LTS Advisory DLA-4322-1 [email protected]...

CVSS: 7.5 | AI score: 5.7 | EPSS: 0.0049
Exploits: 0 | References: 6
OSV
added 2025/08/22 7:15 p.m. | 0 views

UBUNTU-CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.00282
Exploits: 0 | References: 4
CNNVD
added 2025/08/22 12:0 a.m. | 1 view

Apache Log4cxx Security Vulnerability

Apache Log4cxx is a C++ logging framework from the Apache Foundation in the United States, patterned on Apache log4j. An input validation error vulnerability exists in Apache Log4cxx versions prior to 1.5.0, which stems from JSONLayout not properly escaping all payload bytes, and can be exploited...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00282
Exploits: 0 | References: 5
Positive Technologies
added 2025/01/01 12:0 a.m. | 2 views

PT-2025-34482

Name of the Vulnerable Software and Affected Versions: Apache Log4cxx versions prior to 1.5.0 Description: The software contains an improper output neutralization issue for logs. When using JSONLayout, not all payload bytes are properly escaped. Attackers can supply messages containing...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.0049
Exploits: 0 | References: 18
RedhatCVE
added 2023/10/30 5:57 a.m. | 60 views

CVE-2023-31422

A flaw was found by Elastic, where sensitive information is recorded in Kibana logs. This issue occurs in the event of an error when logging in to the JSON layout or when the pattern layout is configured to log the %meta pattern...

CVSS: 7.5 | AI score: 7.3 | EPSS: 0.00395
Exploits: 0 | References: 4
Prion
added 2023/10/26 2:15 a.m. | 16 views

Design/Logic Flaw

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

CVSS: 5 | AI score: 7.5 | EPSS: 0.00395
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist
added 2023/10/26 1:43 a.m. | 13 views

CVE-2023-31422 Kibana Insertion of Sensitive Information into Log File

An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is configured to log the %meta pattern. Elastic has released Kibana 8.10.1...

CVSS: 9 | AI score: 9.3 | EPSS: 0.00395
Exploits: 0 | References: 2
Elastic
added 2023/09/18 5:53 p.m. | 3 views

Kibana 8.10.1 Security Update

Kibana Insertion of Sensitive Information into Log File ESA-2023-17 An issue was discovered by Elastic whereby sensitive information is recorded in Kibana logs in the event of an error. The issue impacts only Kibana version 8.10.0 when logging in the JSON layout or when the pattern layout is...

CVSS: 9 | AI score: 6.7 | EPSS: 0.00395
Exploits: 0