Lucene search

4 matches found

Snyk
added 2026/05/27 6:8 p.m., 18 views

Regular Expression Denial of Service (ReDoS)

Overview: liquidjs is a simple, expressive, safe and Shopify compatible template engine in pure JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) through the striphtml filter in the HTML filter implementation. An attacker can block the...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00385
Exploits: 0, References: 2
SUSE CVE
added 2026/04/14 11:26 p.m., 6 views

SUSE CVE-2026-34479

The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downstream log...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00535
Exploits: 1, References: 4
OSV
added 2026/04/10 6:31 p.m., 2 views

GHSA-3PXV-7CMR-FJR4: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout, in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification, producing invalid XML output whenever a log message or MDC value contains such characters. The impact depends on the StAX implementation in use: JRE built-in...

CVSS: 6.9, AI score: 5.7, EPSS: 0.0086
Exploits: 0, References: 8
Vulnrichment
added 2026/04/10 3:42 p.m., 2 views

CVE-2026-34480: Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core's XmlLayout (https://logging.apache.org/log4j/2.x/manual/layouts.html#XmlLayout), in versions up to and including 2.25.3, fails to sanitize characters forbidden by the XML 1.0 specification (https://www.w3.org/TR/xml/#charsets), producing invalid XML output whenever a log message or M...

CVSS: 6.9, AI score: 5.8, EPSS: 0.0086
Exploits: 0, References: 5