pkg:Maven/org.apache.logging.log4j:log4j-core

All known vulnerabilities

• CRITICAL10.0CVE-2021-44228⚠ KEVapache-log4j2 - security update
  >= 2.13.0, < 2.15.0
• CRITICAL9.0CVE-2021-45046⚠ KEVapache-log4j2 - security update
  >= 2.13.0, < 2.16.0
• CRITICAL9.8Deserialization of Untrusted Data in Log4j
  >= 2.0, < 2.8.2
• HIGH8.6apache-log4j2 - security update
  >= 2.4.0, < 2.12.3
• HIGH7.5Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
  >= 2.0-alpha1, < 2.25.4
• HIGH7.5Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
  >= 1.0.4, < 2.0
• MEDIUM6.6apache-log4j2 - security update
  >= 2.0-beta7, < 2.3.2
• MEDIUM4.8apache-log4j2 - security update
  >= 2.0-beta9, < 2.25.3
• LOW3.7apache-log4j2 - security update
  >= 2.13.0, < 2.13.2
• —Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration
  >= 2.12.0, < 2.25.4
• —Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility
  >= 2.21.0, < 2.25.4