29 results

SQL Injection in Log4j 1.2.x

Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters

Apache Log4j Core: log injection in `Rfc5424Layout` due to silent configuration incompatibility

Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library

Using JMSAppender in log4j configuration may lead to deserialization of untrusted data

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

Apache Log4j2 Remote Code Execution Vulnerability