Lucene search
Apache Log4cxx

4 matches found

CVE
added 2023/05/08 8:54 a.m. | 67 views

CVE-2023-31038

Summary (CVE-2023-31038): SQL injection in the Log4cxx ODBC appender allows injecting SQL into a database because input fields were not escaped in older releases. The vulnerability affected builds where ODBC support was present, the ODBCAppender was enabled, and user input was logged. It has been...

CVSS 8.8 | AI score 8.9 | EPSS 0.01597

CVE
added 2025/08/22 6:45 p.m. | 39 views

CVE-2025-54813

CVE-2025-54813 affects Apache Log4cxx prior to 1.5.0, due to improper output neutralization for JSONLayout where certain non‑printable characters in attacker-supplied messages are not escaped, potentially impacting log consumption. Fedora advisory confirms a 1.5.0-1.fc41 update as the fix, and De...

CVSS 7.5 | AI score 6.3 | EPSS 0.01211

CVE
added 2025/08/22 6:46 p.m. | 26 views

CVE-2025-54812

CVE-2025-54812 affects Apache Log4cxx prior to 1.5.0. The issue is due to improper output neutralization in HTMLLayout: logger names from untrusted sources are not escaped when writing HTML logs, enabling potential HTML/JS injection that could lead to log manipulation or information exposure when...

CVSS 5.4 | AI score 6.1 | EPSS 0.01084

CVE
added 2026/04/10 3:45 p.m. | 11 views

CVE-2026-40023

CVE-2026-40023 concerns Apache Log4cxx XMLLayout (pre-1.7.0) that fails to sanitize XML 1.0 forbidden characters in log messages, NDC, and MDC keys/values, producing invalid XML. Conforming parsers may reject such documents, potentially dropping or failing to index affected records and impairing ...

CVSS 6.3 | AI score 5.8 | EPSS 0.00499