This page collects WhisperX intelligence signals tagged #Apache Log4j. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical vulnerability in Apache Log4j 2.x allows attackers to execute arbitrary code on vulnerable systems. The flaw, tracked as CVE-2017-5645, resides in versions before 2.8.2 and carries a maximum severity score of 9.8. This is not a theoretical risk; it is a direct path for remote compromise when the logging libr...
A critical vulnerability in Apache Log4j 2, designated CVE-2021-44228, exposes countless systems to remote code execution. The flaw resides in the library's JNDI lookup feature, allowing attackers who can control log messages or parameters to execute arbitrary code loaded from external LDAP and other JNDI-related endpo...
A critical, high-severity vulnerability in Apache Log4j 2.x has been flagged, posing a severe remote code execution risk to applications using the library's socket servers. Identified as CVE-2017-5645, this flaw carries a CVSS score of 9.8, indicating its potential for widespread exploitation. The vulnerability specifi...
A critical vulnerability, CVE-2021-45046, has been detected in the Apache Log4j library, specifically in version log4j-core-2.6.1.jar. This flaw represents an incomplete fix for the previously disclosed CVE-2021-44228 (Log4Shell), leaving systems vulnerable under specific configurations. The vulnerability is not theore...
Apache Log4j 2 日志框架再次拉响安全警报。在广泛使用的 `log4j-slf4j2-impl-2.20.0.jar` 库中,发现了三个安全漏洞,其中最高严重性评分为 5.8 分(中危)。这些漏洞直接存在于核心依赖 `log4j-core-2.20.0.jar` 中,影响所有使用该版本绑定的 Spring Boot 等 Java 应用。尽管漏洞的利用成熟度尚未明确,但其存在本身已构成潜在风险,尤其对于未及时更新依赖的庞大遗留系统。 具体漏洞包括 CVE-2026-34480(CVSS 5.8)和 CVE-2025-68161(CVSS 4.0)。扫描报告显示,这些漏洞目前尚无官方修复版本可用,标记为“修复不可用”。这意...
A newly identified medium-severity vulnerability, CVE-2026-34479, has been flagged within a widely used Apache Log4j component. The specific vulnerable library is log4j-core-2.11.2.jar, a version of the ubiquitous Java logging framework. This finding is not an isolated incident but a direct dependency within a larger s...
Apache Log4j 2 核心组件再次曝出高危安全漏洞。新发现的 CVE-2025-68161 影响范围广泛,涉及 Apache Log4j Core 从 2.0-beta9 到 2.25.2 的所有版本。漏洞核心在于其 Socket Appender 组件未能对通信对端的 TLS 证书执行主机名验证。这意味着,在特定配置下,使用该组件的应用程序可能面临中间人攻击风险,攻击者可能拦截或篡改日志数据流。这一缺陷直接削弱了 TLS 连接的核心安全保障,为潜在的数据泄露或日志注入攻击打开了后门。 此次漏洞由 GitHub 的依赖更新机器人 Renovate 在自动提交的修复拉取请求中披露。请求旨在将项目依赖的 `org.apache...
A critical deserialization vulnerability in Apache Log4j 2.x, tracked as CVE-2017-5645, exposes systems to remote code execution (RCE) attacks. With a maximum CVSS severity score of 9.8, the flaw resides in the TCP and UDP socket server components. When these servers are used to receive serialized log events, a malicio...
A critical security advisory (GHSA-3pxv-7cmr-fjr4) targeting Apache Log4j's log4j-core component has been published, exposing the Ray project to potential remote code execution (RCE) or denial of service (DoS) attacks. The Ray project currently relies on log4j-core version 2.25.3, which is flagged as vulnerable, while ...
A medium-severity vulnerability has been identified in Apache Log4j Core's XmlLayout component, affecting versions up to and including 2.25.3. The flaw centers on insufficient sanitization of characters prohibited by the XML 1.0 specification, according to a GitHub Issues report referencing commit 4f5014229825d8be97766...
A critical security patch has been deployed to address CVE-2021-44228, the notorious Log4Shell vulnerability that carries a maximum CVSS 10.0 severity rating. The remediation upgrades Apache Log4j components from version 2.6.1 to 2.17.1, closing a remote code execution flaw that has prompted emergency response efforts ...