log4j vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the log4j package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • H
Deserialization of Untrusted Data

*
  • M
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • M
Improper Input Validation

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • M
CVE-2007-1863

<0:1.2.12-1jpp_1rh
  • M
CVE-2005-2090

<0:1.2.12-1jpp_1rh
  • M
CVE-2005-3510

<0:1.2.12-1jpp_1rh
  • M
Out-of-bounds Read

<0:1.2.12-1jpp_1rh
  • M
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • M
CVE-2007-3304

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • L
Configuration

<0:1.2.12-1jpp_1rh
  • M
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • H
Resource Management Errors

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • H
Improper Input Validation

<0:1.2.12-1jpp_1rh
  • H
Directory Traversal

<0:1.2.12-1jpp_1rh
  • L
Resource Exhaustion

<0:1.2.12-1jpp_1rh
  • M
Out-of-Bounds

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • M
Numeric Errors

<0:1.2.12-1jpp_1rh
  • M
Integer Overflow or Wraparound

<0:1.2.12-1jpp_1rh
  • L
NULL Pointer Dereference

<0:1.2.12-1jpp_1rh
  • L
CVE-2009-3095

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • L
CVE-2006-3835

<0:1.2.12-1jpp_1rh
  • L
Cross-site Scripting (XSS)

<0:1.2.12-1jpp_1rh
  • M
Allocation of Resources Without Limits or Throttling

<0:1.2.12-1jpp_1rh
  • M
Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

<0:1.2.12-1jpp_1rh
  • L
Information Exposure

<0:1.2.12-1jpp_1rh
  • H
Out-of-Bounds

<0:1.2.12-1jpp_1rh
  • H
Out-of-Bounds

<0:1.2.12-1jpp_1rh
  • H
Out-of-Bounds

<0:1.2.12-1jpp_1rh