Log4cxx Security Vulnerabilities and Issues — Log4cxx CVE List

Lucene search

ApacheLog4cxx

3 matches found

CVE•added 2023/05/08 9:15 a.m.•46 views

CVE-2023-31038

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, so only C++ applications a...

8.8CVSS8.9AI score0.00498EPSS

CVE•added 2025/08/22 7:15 p.m.•9 views

CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON messag...

7.5CVSS6.3AI score0.00193EPSS

CVE•added 2025/08/22 7:15 p.m.•8 views

CVE-2025-54812

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file.If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Javascript in order to h...

5.4CVSS6.1AI score0.00094EPSS