Homepage

log4j:2/log4j-web vulnerabilities

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the log4j:2/log4j-web package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • H
Stack-based Buffer Overflow

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
HTTP Response Splitting

*
  • M
Information Exposure

*
  • M
Improper Authentication

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Improper Validation of Syntactic Correctness of Input

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • M
Integer Overflow or Wraparound

*
  • M
Improper Validation of Specified Index, Position, or Offset in Input

*
  • M
Allocation of Resources Without Limits or Throttling

*
  • H
Resource Exhaustion

*
  • M
Uncontrolled Recursion

*
  • M
Improper Input Validation

*
  • L
Out-of-bounds Write

*