Apache Log4cxx
4 CVEs affecting Apache Log4cxx. Latest disclosed: 2026-04-10. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2023-31038 | High | 8.8 | 2023-05-08 | SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injecti… |
| CVE-2025-54813 | High | 7.5 | 2025-08-22 | Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-sup… |
| CVE-2025-54812 | Medium | 5.4 | 2025-08-22 | Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the… |
| CVE-2026-40023 | Medium | 5.3 | 2026-04-10 | Apache Log4cxx's XMLLayout (https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html), in versions before 1.7.0, fails to sanitize charac… |