pkg:Maven/org.apache.logging.log4j:log4j-core

共 11 筆 CVECRITICAL3HIGH3MEDIUM2LOW1

✅ 檢查你的版本

所有已知漏洞

  • CRITICAL10.0CVE-2021-44228⚠ KEVapache-log4j2 - security update
    >= 2.13.0, < 2.15.0
  • CRITICAL9.0CVE-2021-45046⚠ KEVapache-log4j2 - security update
    >= 2.13.0, < 2.16.0
  • CRITICAL9.8CVE-2017-5645Deserialization of Untrusted Data in Log4j
    >= 2.0, < 2.8.2
  • HIGH8.6CVE-2021-45105apache-log4j2 - security update
    >= 2.4.0, < 2.12.3
  • HIGH7.5CVE-2026-34480Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
    >= 2.0-alpha1, < 2.25.4
  • HIGH7.5CVE-2023-26464Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
    >= 1.0.4, < 2.0
  • MEDIUM6.6CVE-2021-44832apache-log4j2 - security update
    >= 2.0-beta7, < 2.3.2
  • MEDIUM4.8CVE-2025-68161Apache Log4j does not verify the TLS hostname in its Socket Appender
    >= 2.0-beta9, < 2.25.3
  • LOW3.7CVE-2020-9488apache-log4j2 - security update
    >= 2.13.0, < 2.13.2
  • CVE-2026-34477Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
    >= 2.12.0, < 2.25.4
  • CVE-2026-34478Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
    >= 2.21.0, < 2.25.4