log4j:2/log4j-web

Direct Vulnerabilities

Known vulnerabilities in the log4j:2/log4j-web package. This does not include vulnerabilities belonging to this package’s dependencies.

Severity | Vulnerability | Vulnerable Version
M | Insecure Default Initialization of Resource | *
H | LDAP Injection | *
M | Allocation of Resources Without Limits or Throttling | *
M | Insufficient Granularity of Access Control | *
H | Uncontrolled Memory Allocation | *
H | Incorrect Default Permissions | *
H | Allocation of Resources Without Limits or Throttling | *
H | Numeric Range Comparison Without Minimum Check | *
H | Missing Authentication for Critical Function | *
H | Deserialization of Untrusted Data | *
L | Expression Language Injection | *
M | Arbitrary Code Injection | *
M | Directory Traversal | *
M | Cleartext Storage of Sensitive Information | *
M | Improper Certificate Validation | *
M | Improper Certificate Validation | *
M | Inappropriate Encoding for Output Context | *
M | Link Following | *
M | Improper Certificate Validation | *
M | CRLF Injection | *
M | Improper Certificate Validation | *
M | Improper Handling of Unexpected Data Type | *
M | XML Injection | *
M | Improper Handling of Inconsistent Special Elements | *
M | Directory Traversal | *
M | Directory Traversal | *
L | Misinterpretation of Input | *
M | Improper Input Validation | *
M | Improper Validation of Certificate with Host Mismatch | *
H | Directory Traversal | *
M | Improper Resource Shutdown or Release | *
M | Cross-site Request Forgery (CSRF) | *
M | Improper Input Validation | *
M | Directory Traversal | *
M | Session Fixation | *
L | Uncontrolled Recursion | *
M | Allocation of Resources Without Limits or Throttling | *
M | HTTP Response Splitting | *
M | Information Exposure | *
M | Improper Authentication | *
M | Allocation of Resources Without Limits or Throttling | *
M | Improper Validation of Syntactic Correctness of Input | *
M | Allocation of Resources Without Limits or Throttling | *
M | Integer Overflow or Wraparound | *
M | Improper Validation of Specified Index, Position, or Offset in Input | *
M | Allocation of Resources Without Limits or Throttling | *
H | Resource Exhaustion | *
M | Uncontrolled Recursion | *
M | Improper Input Validation | *
L | Out-of-bounds Write | *