CVE-2023-31038
Summary (CVE-2023-31038): SQL injection in the Log4cxx ODBC appender. In older releases the logged fields were concatenated into the SQL statement without escaping, so a logged value controlled by an attacker could inject SQL into the database. The vulnerability affected only builds where ODBC support was compiled in, the ODBCAppender was enabled, and user-supplied input was logged. It has been...
CVE-2025-54813
CVE-2025-54813 affects Apache Log4cxx prior to 1.5.0, due to improper output neutralization in JSONLayout: certain non-printable (control) characters in attacker-supplied messages are not escaped, so the emitted JSON can be malformed or can carry raw control characters into whatever consumes the log. The Fedora advisory confirms the 1.5.0-1.fc41 update as the fix, and De...
CVE-2025-54812
CVE-2025-54812 affects Apache Log4cxx prior to 1.5.0. The issue is improper output neutralization in HTMLLayout: logger names from untrusted sources are not escaped when written into HTML logs, enabling HTML/JS injection into the rendered log page, which could lead to log manipulation or information exposure when...
CVE-2026-40023
CVE-2026-40023 concerns Apache Log4cxx XMLLayout (before 1.7.0), which fails to sanitize characters forbidden by XML 1.0 in log messages, the NDC, and MDC keys/values, producing invalid XML. Conforming parsers may reject such documents, potentially dropping or failing to index the affected records and impairing ...
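The three layout advisories above (CVE-2025-54813, CVE-2025-54812, CVE-2026-40023) are all instances of one mistake: untrusted text (a message, a logger name, an MDC value) is written into a structured output format without neutralizing the characters that format treats specially. The following is an added example, not code from Log4cxx or the Apache project, showing the minimal escaping each of the three formats needs and why the XML case differs from the other two. The function names, the sample message and the sample logger name are assumptions made for the demonstration; the XML routine handles only the C0 control range and not the other code points XML 1.0 forbids (for example U+FFFE and U+FFFF).

```cpp
// Added example (not Log4cxx's own code): output-neutralization routines of
// the kind a JSON, HTML or XML log layout needs. Function names and sample
// inputs are assumptions for this demo.
#include <cstdio>
#include <string>

// JSONLayout class of bug (CVE-2025-54813): control characters below 0x20
// must be escaped inside a JSON string; otherwise the document is invalid,
// or a raw newline splits one record into two for a line-oriented consumer.
std::string jsonEscape(const std::string& in) {
    std::string out;
    out.reserve(in.size() + 8);
    for (unsigned char c : in) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\n': out += "\\n";  break;
            case '\r': out += "\\r";  break;
            case '\t': out += "\\t";  break;
            case '\b': out += "\\b";  break;
            case '\f': out += "\\f";  break;
            default:
                if (c < 0x20) {                       // remaining C0 controls -> \u00XX
                    char buf[7];
                    std::snprintf(buf, sizeof buf, "\\u%04X", c);
                    out += buf;
                } else {
                    out += static_cast<char>(c);
                }
        }
    }
    return out;
}

// HTMLLayout class of bug (CVE-2025-54812): a logger name (or message) written
// into HTML needs entity encoding so an attacker-chosen name such as
// <script>...</script> is shown as text rather than executed by the viewer.
std::string htmlEscape(const std::string& in) {
    std::string out;
    out.reserve(in.size() + 8);
    for (char c : in) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:   out += c;
        }
    }
    return out;
}

// XMLLayout class of bug (CVE-2026-40023): XML 1.0 forbids most C0 controls
// outright (only TAB, LF and CR are allowed), and they cannot be rescued by
// entity encoding, so a conforming parser rejects the whole document. Here
// they are replaced by U+FFFD so the record stays well-formed, and the
// markup-significant characters are entity-encoded as in HTML.
std::string xmlSanitize(const std::string& in) {
    std::string out;
    out.reserve(in.size() + 8);
    for (unsigned char c : in) {
        if (c < 0x20 && c != '\t' && c != '\n' && c != '\r') {
            out += "\xEF\xBF\xBD";                    // U+FFFD in UTF-8
            continue;
        }
        switch (c) {
            case '&': out += "&amp;"; break;
            case '<': out += "&lt;";  break;
            case '>': out += "&gt;";  break;
            default:  out += static_cast<char>(c);
        }
    }
    return out;
}

// True when no C0 control forbidden by XML 1.0 survives in s; this is the
// check a conforming parser effectively applies to the document.
bool xmlCharsValid(const std::string& s) {
    for (unsigned char c : s)
        if (c < 0x20 && c != '\t' && c != '\n' && c != '\r') return false;
    return true;
}

int main() {
    // Constructed attacker-style inputs for the demo, not from a real incident:
    // an ANSI clear-screen sequence, a BEL, and a quoted field in the message,
    // and a script tag as the logger name.
    const std::string msg = "login failed \x1b[2J\x07 user=\"bob\"";
    const std::string logger = "<script>alert(1)</script>";
    std::printf("json: \"%s\"\n", jsonEscape(msg).c_str());
    std::printf("html: %s\n", htmlEscape(logger).c_str());
    std::printf("xml:  %s (valid=%d)\n", xmlSanitize(msg).c_str(),
                xmlCharsValid(xmlSanitize(msg)) ? 1 : 0);
    return 0;
}
```

The design point is the asymmetry: JSON and HTML can always represent a hostile character by escaping it, so the fix is pure encoding, whereas XML 1.0 has characters that no escape can represent, so a layout has to drop or replace them before serialization or the downstream parser will discard the record, which is exactly the availability impact the XMLLayout advisory describes.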