pkg:maven/org.apache.logging.log4j/log4j
Type
maven
Namespace
org.apache.logging.log4j
Name
log4j
Known advisories, vulnerabilities and fixes for org.apache.logging.log4j/log4j package.
Critical
1
Low
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | >= 2.0, < 2.8.2 |
CVE-2017-5645
|
 MAVEN:GHSA-FXPH-Q3J8-MV87
|
Deserialization of Untrusted Data in Log4j | critical |
2020-01-06T18:43:38
(4 years ago) |
|
| Fixed | = 2.8.2 |
CVE-2017-5645
|
MAVEN:GHSA-FXPH-Q3J8-MV87
|
Deserialization of Untrusted Data in Log4j | critical |
2020-01-06T18:43:38
(4 years ago) |
|
| Affected | < 2.13.2 |
CVE-2020-9488
|
MAVEN:GHSA-VWQQ-5VRC-XW9H
|
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender | low |
2020-06-05T14:15:51
(4 years ago) |
|
| Fixed | = 2.13.2 |
CVE-2020-9488
|
MAVEN:GHSA-VWQQ-5VRC-XW9H
|
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender | low |
2020-06-05T14:15:51
(4 years ago) |