Apache Log4j: a logging library for Java programs
Release cycle and vulnerability information
Release schedule
Count: 106

CVE-2023-26464
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
GHSA-vp98-w2p3-mv35
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)

BDU:2023-07207
Vulnerability in the Chainsaw and SocketAppender components of the Log4j logging library for Java programs, allowing an attacker to cause a denial of service
GHSA-prp9-9gxw-38j8
A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

BDU:2022-02763
Vulnerability in the Log4j logging library for Java programs related to insecure privilege management, allowing an attacker to escalate privileges
GHSA-w9p3-5cr8-m3jj
Deserialization of Untrusted Data in Log4j 1.x
GHSA-65fg-84f6-3jq3
SQL Injection in Log4j 1.2.x
Vulnerability | CVSS | EPSS | Published
---|---|---|---
CVE-2023-26464: Log4j 1.x Chainsaw/SocketAppender DoS when a deeply nested hashmap or hashtable is deserialized on JRE < 1.7 (unsupported when assigned; upgrade to Log4j 2.x) | CVSS3: 7.5 | 0% Low | over 2 years ago
GHSA-vp98-w2p3-mv35: Apache Log4j 1.x (EOL) allows Denial of Service (DoS) | CVSS3: 7.5 | 0% Low | over 2 years ago
BDU:2023-07207: Vulnerability in the Chainsaw and SocketAppender components of Log4j, allowing an attacker to cause a denial of service | CVSS3: 7.5 | 0% Low | over 2 years ago
GHSA-prp9-9gxw-38j8: Deserialization flaw in Apache Chainsaw before 2.1.0 that could lead to malicious code execution | CVSS3: 9.8 | 0% Low | about 3 years ago
BDU:2022-02763: Vulnerability in Log4j related to insecure privilege management, allowing an attacker to escalate privileges | CVSS3: 8.8 | 0% Low | about 3 years ago
GHSA-w9p3-5cr8-m3jj: Deserialization of Untrusted Data in Log4j 1.x | CVSS3: 8.8 | 0% Low | over 3 years ago
GHSA-65fg-84f6-3jq3: SQL Injection in Log4j 1.2.x | CVSS3: 9.8 | 15% Medium | over 3 years ago
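Every entry above is about Log4j 1.x, which is end-of-life, so the practical question for an operator is which deployments still attach the affected appenders and on which JRE. The following is an added example, not code from this page or from the Apache Log4j project: a Python check that parses a log4j 1.x properties file, reports the appenders that are actually attached to a logger (a definition that no logger references is inert), and applies the JRE < 1.7 condition that CVE-2023-26464 states for the SocketAppender/Chainsaw denial of service. The SocketAppender mapping is what the advisory text says; mapping the deserialization advisory (GHSA-w9p3-5cr8-m3jj) to JMSAppender and the SQL-injection advisory (GHSA-65fg-84f6-3jq3) to JDBCAppender is this example's assumption, since the page does not name those classes. `SAMPLE_CONFIG`, the hostnames in it and the `java.version` strings are constructed inputs.

```python
"""Flag log4j 1.x appenders that the advisories above concern.

Added example; not code from the page or the Apache Log4j project.
SAMPLE_CONFIG and the java.version strings passed to scan() are constructed.
"""
import re

# Appender class -> (advisory id from this page, note).
# The SocketAppender row is what CVE-2023-26464 states. The JMSAppender and
# JDBCAppender rows are an assumption of this example about which components
# the deserialization and SQL-injection advisories cover; the page itself does
# not name those classes.
AFFECTED = {
    "org.apache.log4j.net.SocketAppender": (
        "CVE-2023-26464",
        "DoS when a deeply nested hashmap/hashtable is deserialized (JRE < 1.7)",
    ),
    "org.apache.log4j.net.JMSAppender": (
        "GHSA-w9p3-5cr8-m3jj",
        "deserialization of untrusted data (component mapping assumed)",
    ),
    "org.apache.log4j.jdbc.JDBCAppender": (
        "GHSA-65fg-84f6-3jq3",
        "SQL injection (component mapping assumed)",
    ),
}

# log4j.appender.NAME=fully.qualified.Class  (keys with further dots, such as
# log4j.appender.NAME.layout, deliberately do not match)
APPENDER_DEF = re.compile(r"^log4j\.appender\.([^.=\s]+)\s*=\s*(\S+)\s*$")
# log4j.rootLogger / log4j.logger.x.y = LEVEL, app1, app2
LOGGER_DEF = re.compile(
    r"^log4j\.(?:rootLogger|rootCategory|logger\.[^=\s]+|category\.[^=\s]+)\s*=\s*(.+)$"
)


def parse_log4j_properties(text):
    """Return ({appender name: class}, {appender names attached to a logger})."""
    appenders, attached = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        m = APPENDER_DEF.match(line)
        if m:
            appenders[m.group(1)] = m.group(2)
            continue
        m = LOGGER_DEF.match(line)
        if m:
            # First comma-separated token is the level; the rest are appenders.
            parts = [p.strip() for p in m.group(1).split(",")]
            attached.update(p for p in parts[1:] if p)
    return appenders, attached


def java_major(version):
    """Major release of a java.version string: '1.6.0_45' -> 6, '17.0.2' -> 17."""
    parts = version.split(".")
    if parts[0] == "1" and len(parts) > 1:  # pre-9 "1.x" numbering
        return int(parts[1])
    return int(re.match(r"\d+", parts[0]).group(0))


def scan(config_text, java_version):
    """Advisories applying to appenders in config_text, given the runtime JRE."""
    appenders, attached = parse_log4j_properties(config_text)
    major = java_major(java_version)
    findings = []
    for name, cls in appenders.items():
        if cls not in AFFECTED:
            continue
        advisory, note = AFFECTED[cls]
        if cls.endswith(".SocketAppender") and major >= 7:
            # The advisory limits the DoS to JRE < 1.7; the appender is still EOL code.
            note = "DoS not reachable on JRE >= 1.7 per advisory; Log4j 1.x is still EOL"
        findings.append({
            "appender": name,
            "class": cls,
            "advisory": advisory,
            "status": "attached" if name in attached else "defined but not attached",
            "note": note,
        })
    return findings


# Constructed sample log4j.properties; not taken from any real deployment.
SAMPLE_CONFIG = """\
log4j.rootLogger=INFO, stdout, net
log4j.logger.com.example.audit=DEBUG, db
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.net=org.apache.log4j.net.SocketAppender
log4j.appender.net.RemoteHost=logs.example.internal
log4j.appender.net.Port=4560
log4j.appender.db=org.apache.log4j.jdbc.JDBCAppender
log4j.appender.db.URL=jdbc:postgresql://db.example.internal/audit
log4j.appender.jms=org.apache.log4j.net.JMSAppender
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_CONFIG, "1.6.0_45"):
        print(f"{f['advisory']}: appender '{f['appender']}' ({f['class']}) "
              f"is {f['status']}; {f['note']}")
```

Run it against a real `log4j.properties` by passing the file contents and the output of `java -XshowSettings:properties -version` (the `java.version` line) instead of the constructed values. The JRE check only downgrades the SocketAppender note; the advisories themselves say the fix is migration to Log4j 2.x, so an "attached" finding on any JRE is still a migration item, and XML-format configurations are out of scope for this parser.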