Apache

Log4cxx

3 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-54812

  • EPSS 0.19%
  • Published 22.08.2025 18:46:46
  • Last modified 26.08.2025 21:16:55

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could t...

7.5

CVE-2025-54813

  • EPSS 0.32%
  • Published 22.08.2025 18:45:42
  • Last modified 26.08.2025 21:16:19

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the ...

8.8

CVE-2023-31038

Exploit
  • EPSS 0.39%
  • Published 08.05.2023 09:15:09
  • Last modified 21.11.2024 08:01:17

SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06) Note that...