io.github.braully:bpp-cobranca (>=1.0.0 <=1.0.1), org.opencadc:cadc-access-control (>=1.1.21 <=1.1.31) +78 more potentially affected by CVE-2026-34479 via org.apache.logging.log4j:log4j-1.2-api (=3.0.0-beta2)

org.apache.logging.log4j:log4j-1.2-api MAVEN version =3.0.0-beta2 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.logging.log4j:log4j-1.2-api and may be impacted: - io.github.braully:bpp-cobranca =1.0.0, =1.1.21, =1.0.8, =1.2.0, =1.1.10, =1....

Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)

Summary Based on current information and analysis, IBM Jazz for Service Management does not use Apache log4j-core library which is vulnerable to CVE-2021-45105, CVE-2021-45046 . However, IBM Jazz for Service Management may be impacted because the old version of Log4j-1.2-api and Log4j-api are use...

Apache Log4j allows insecure JNDI lookups

Overview Apache Log4j allows insecure JNDI lookups that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the vulnerable Java application using Log4j. CISA has published Apache Log4j Vulnerability Guidance and provides a Software List. Description Th...

GHSA-JFH8-C2JP-5V3Q Remote code injection in Log4j

Summary Log4j versions prior to 2.16.0 are subject to a remote code execution vulnerability via the ldap JNDI parser. As per Apache's Log4j security guide: Apache Log4j2 =2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and...