📦 Log4j

by Apache

⚠️ Known Vulnerabilities

CVE-2022-23305

CRITICAL CVSS 9.8 Jan 18, 2022

CVE-2022-23305 is an SQL injection vulnerability in Log4j 1.2.x's JDBCAppender that allows attackers to execute arbitrary SQL queries by injecting malicious strings into application inputs that get lo...

CVE-2021-45046

CRITICAL CVSS 9.0 Dec 14, 2021

CVE-2021-45046 results from an incomplete fix for the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j 2.15.0 and allows attackers to execute arbitrary code via JNDI lookups in certain non-default logg...

CVE-2021-44228

CRITICAL CVSS 10.0 Dec 10, 2021

CVE-2021-44228 (Log4Shell) is a critical remote code execution vulnerability in Apache Log4j2 that allows attackers to execute arbitrary code by exploiting JNDI lookups in log messages. This affects a...

CVE-2020-9493

CRITICAL CVSS 9.8 Jun 16, 2021

CVE-2020-9493 is a critical deserialization vulnerability in Apache Chainsaw that allows remote attackers to execute arbitrary code by sending specially crafted data. This affects all Apache Chainsaw ...

CVE-2021-4104

HIGH CVSS 7.5 Dec 14, 2021

CVE-2021-4104 is a deserialization vulnerability in Log4j 1.2's JMSAppender that allows remote code execution when attackers can modify Log4j configuration files. This affects systems running Log4j 1....

CVE-2025-68161

MEDIUM CVSS 4.8 Dec 18, 2025

This vulnerability in Apache Log4j Core allows man-in-the-middle attackers to intercept or redirect encrypted log traffic when TLS hostname verification fails, even when configured to verify. It affec...