Log4j:log4j
This hub aggregates every CVE we track for Log4j:log4j, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
6
CVEs tracked
2
Critical
4
High
0
In CISA KEV
Severity distribution
HIGH4CRITICAL2
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 6 most recently published vulnerabilities affecting Log4j:log4j.
- CVE-2023-26464Apache Log4j 1.x (EOL) allows DoS in Chainsaw and SocketAppender7.5
- CVE-2022-23307A deserialization flaw in the Chainsaw component of Log4j 1 can lead to malicious code execution.8.8
- CVE-2022-23305SQL injection in JDBC Appender in Apache Log4j V19.8
- CVE-2022-23302Deserialization of untrusted data in JMSSink in Apache Log4j 1.x8.8
- CVE-2021-4104Deserialization of untrusted data in JMSAppender in Apache Log4j 1.27.5
- CVE-2019-17571Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data which can be exploited to remotely execute arbitrary code when combined with a deserialization ...9.8
Product normalization is registry-driven with AI assist and human review. How it works