This page collects WhisperX intelligence signals tagged #log4j. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
一份来自代码依赖扫描的报告显示,Apache Log4j 2.6.1 版本的核心库 `log4j-core-2.6.1.jar` 存在三个严重漏洞,其中最高严重性评分为 CVSS 10.0 满分。该版本作为直接依赖项被广泛使用,意味着大量基于 Java 的应用程序和服务面临潜在远程代码执行风险。漏洞利用成熟度被评估为“高”,且利用预测评分系统(EPSS)显示攻击概率高达 94.4%,表明该组件已成为活跃攻击的明确目标。 具体漏洞包括臭名昭著的 Log4Shell(CVE-2021-44228,CVSS 10.0)、CVE-2021-45046 以及一个更早的 CVE-2017-5645(CVSS 9.8)。报告明确指出,这些漏洞均...
A critical security alert has been flagged for the widely used Apache Log4j logging library. The specific version `log4j-core-2.8.2.jar` contains two severe vulnerabilities, with the highest-rated flaw, CVE-2021-44228, scoring a maximum 10.0 on the CVSS severity scale. This represents an immediate and severe risk to an...
A critical vulnerability, CVE-2021-45046, has been detected in the Apache Log4j library version 2.8.2. This flaw represents an incomplete fix for the previously disclosed CVE-2021-44228 (Log4Shell), meaning systems that believed they were patched by upgrading to version 2.15.0 may still be exposed under specific condit...
A critical security alert has been triggered for the Apache Log4j library version 2.8.2, exposing systems to two severe vulnerabilities with the highest possible severity rating of 10.0 on the CVSS scale. The findings, flagged in a software dependency scan, indicate a direct and exploitable weakness in a foundational l...
Apache Log4j 2.8.2 版本的核心库 `log4j-core-2.8.2.jar` 被安全扫描工具标记为存在两个严重漏洞,其中 CVE-2021-44228 的 CVSS 评分达到最高的 10.0 分,意味着其可利用性和潜在影响均为最高级别。另一个漏洞 CVE-2021-45046 的 CVSS 评分也高达 9.0 分。这两个漏洞的利用成熟度均被评估为“高”,且 EPSS(漏洞利用预测评分系统)概率均超过 94%,表明其在野外被利用的风险极高。 这两个漏洞均直接影响 `log4j-core-2.8.2.jar` 库。CVE-2021-44228 的修复版本包括 `log4j-core` 的 2.3.1、2.12.2 ...
A critical, high-severity vulnerability in Apache Log4j 2.x allows remote attackers to execute arbitrary code on affected systems. The flaw, tracked as CVE-2017-5645, carries a CVSS score of 9.8 and specifically impacts versions before 2.8.2. The vulnerability resides in the TCP and UDP socket server components used to...
A critical security alert has been triggered by Snyk, identifying three active vulnerabilities within a widely used Apache Log4j dependency. The automated security platform has issued a pull request demanding an immediate upgrade of the `org.apache.logging.log4j:log4j-core` library from version 2.17.1 to the patched 2....
A newly disclosed vulnerability in Apache Log4j 2.x threatens to corrupt or silently drop critical log data, undermining system observability and compliance. The flaw, tracked as CVE-2026-34480, resides in the framework's XmlLayout component. In versions up to and including 2.25.3, this component fails to sanitize char...
A newly identified medium-severity vulnerability, CVE-2026-34480, has been detected in a widely used Apache Log4j component. The flaw is present in the `log4j-core-2.11.2.jar` library, a core part of the Apache Log4j logging framework. This specific vulnerable instance was found within a project's dependency tree, intr...
Apache Log4j 2.15.0 版本针对 CVE-2021-44228(Log4Shell)的修复被发现存在缺陷,未能完全阻断攻击路径。在特定的非默认配置下,攻击者仍可利用 JNDI 查找模式构造恶意输入数据,从而可能导致信息泄露,并在某些环境中实现远程代码执行。这一后续漏洞被追踪为 CVE-2021-45046,其严重性等级同样被评定为“严重”。 受影响的软件包为 `org.apache.logging.log4j:log4j-core`,版本 2.15.0 及更早版本均存在风险。Apache 基金会已发布补丁版本 2.16.0(对于 Java 8 及更高版本)和 2.12.2(对于 Java 7),以彻底解决此问题。该...
A critical security remediation has exposed a shop module running on a dangerously outdated and vulnerable version of Apache Log4j. The module was found to be using log4j-core version 2.6.1, a version susceptible to multiple severe, actively exploited vulnerabilities, including the infamous Log4Shell (CVE-2021-44228). ...
A security scan of project dependencies has flagged log4j-core-2.6.1.jar as harboring three critical vulnerabilities, with the highest reaching a CVSS score of 10.0—the maximum possible severity rating. The most dangerous flaw, CVE-2021-44228 (widely known as Log4Shell), carries an exploit probability of 94.358% and ha...
A critical vulnerability in Apache Log4j has persisted despite an initial remediation effort, raising serious concerns for organizations relying on the widely deployed logging library. Security scans have identified CVE-2021-45046 in log4j-core-2.8.2.jar, marking the vulnerability as Critical severity and signaling tha...
A critical vulnerability tracked as CVE-2021-45046 has exposed an incomplete fix for the notorious Log4Shell vulnerability in Apache Log4j, leaving systems at risk of remote code execution even after organizations applied initial patches. Rated at CVSS 9.0 severity, the flaw affects org.apache.logging.log4j:log4j-core ...