Apache Log4cxx

4 CVEs affecting Apache Log4cxx. Latest disclosed: 2026-04-10. Critical: 0, High: 2.

Top CVEs affecting Apache Log4cxx
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-31038 | High | 8.8 | 2023-05-08 | SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injecti… |
| CVE-2025-54813 | High | 7.5 | 2025-08-22 | Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-sup… |
| CVE-2025-54812 | Medium | 5.4 | 2025-08-22 | Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the… |
| CVE-2026-40023 | Medium | 5.3 | 2026-04-10 | Apache Log4cxx's XMLLayout (https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html), in versions before 1.7.0, fails to sanitize charac… |