Lucene search
K
ApacheLog4j3.0.0

6 matches found

CVE
CVE
added 2026/04/10 3:42 p.m.899 views

CVE-2026-34480

Technical details about CVE-2026-34480 are not publicly available in the provided connected documents. The initial description gives an overview but no vendor/product/version specifics or remediation steps here. Monitor for updates from official advisories.

7.5CVSS5.8AI score0.0086EPSS
CVE
CVE
added 2026/04/10 3:36 p.m.198 views

CVE-2026-34477

CVE-2025-68161 (and CVE-2026-34477) affect Apache Log4j Core Socket Appender where TLS hostname verification was silently ignored when configured via verifyHostName, leaving potential MITM scenarios under SMTP, Socket, or Syslog Appenders using a nested element. The issue spans versions 2.0-beta...

6.3CVSS6.6AI score0.00395EPSS
CVE
CVE
added 2026/04/10 3:40 p.m.121 views

CVE-2026-34478

CVE-2026-34478 (Log4j Core) affects Apache Log4j Core 2.21.0 through 2.25.3 and involves CRLF log-injection risks in stream-based syslog output due to undocumented renames of configuration attributes in Rfc5424Layout. Specifically, the newLineEscape attribute was silently renamed, breaking newlin...

7.5CVSS5.8AI score0.00831EPSS
CVE
CVE
added 2026/04/10 3:43 p.m.65 views

CVE-2026-34481

CVE-2026-34481 affects Apache Log4j’s JsonTemplateLayout. Versions up to 2.25.3 produce invalid JSON when log events contain non-finite floating-point values (NaN, Infinity, -Infinity), violating RFC 8259 and potentially causing downstream log processors to reject or fail indexing. Exploitation r...

7.5CVSS6.1AI score0.00555EPSS
CVE
CVE
added 2026/04/10 3:41 p.m.63 views

CVE-2026-34479

The CVE affects the Apache Log4j 1-to-Log4j 2 bridge: Log4j1XmlLayout used in Log4j Core 2 configurations or via the Log4j 1 compatibility layer with org.apache.log4j.xml.XMLLayout. The root cause is failure to properly escape characters forbidden by XML 1.0, producing malformed XML that conformi...

7.5CVSS5.8AI score0.00535EPSS
CVE
CVE
added 6 days ago54 views

CVE-2026-49844

CVE-2026-49844 describes an issue in the Apache Log4j API where MapMessage.asJson() can emit non-finite IEEE 754 values (NaN, Infinity, -Infinity) as bare tokens during JSON serialization. This affects Log4j API versions 2.13.1–2.25.4 and 2.26.0. The fault occurs when a MapMessage contains an att...

6.3CVSS6.1AI score0.00659EPSS