Homepage

log4j vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the log4j package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free
VulnerabilityVulnerable Version
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • M
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • M
Improper Input Validation

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • M
CVE-2007-1863

<0:1.2.12-1jpp_1rh
  • M
CVE-2005-2090

<0:1.2.12-1jpp_1rh
  • M
CVE-2005-3510

<0:1.2.12-1jpp_1rh
  • M
Out-of-bounds Read

<0:1.2.12-1jpp_1rh
  • M
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • M
CVE-2007-3304

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • L
Configuration

<0:1.2.12-1jpp_1rh
  • M
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • H
Resource Management Errors

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • H
Improper Input Validation

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • L
Resource Exhaustion

<0:1.2.12-1jpp_1rh
  • M
Out-of-Bounds

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • M
Numeric Errors

<0:1.2.12-1jpp_1rh
  • M
Integer Overflow or Wraparound

<0:1.2.12-1jpp_1rh
  • L
NULL Pointer Dereference

<0:1.2.12-1jpp_1rh
  • L
CVE-2009-3095

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • L
CVE-2006-3835

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • M
Allocation of Resources Without Limits or Throttling

<0:1.2.12-1jpp_1rh
  • M
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • H
Out-of-Bounds

<0:1.2.12-1jpp_1rh
  • H
Out-of-Bounds

<0:1.2.12-1jpp_1rh
  • H
Out-of-Bounds

<0:1.2.12-1jpp_1rh