Apache Software Foundation Apache Log4j vulnerabilities

3 known vulnerabilities affecting apache_software_foundation/apache_log4j.

Total CVEs: 3
CISA KEV: 1 (actively exploited)
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 2, HIGH 1

Vulnerabilities

CVE-2023-26464 | HIGH | CVSS 7.5 | affected: ≥ 1.0.4, < 2 | published 2023-03-10
CWE-502. ** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (ie, deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the vi
Sources: cvelistv5, nvd
CVE-2021-45046 | CRITICAL | CVSS 10.0 | CISA KEV | PoC | affected: Apache Log4j2 < 2.16.0 | published 2021-12-14
CWE-917. Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map (MDC) input data when the logging configurati
Sources: cvelistv5
CVE-2017-5645 | CRITICAL | CVSS 9.8 | PoC | affected: all versions between 2.0-alpha1 and 2.8.1 | published 2017-04-17
CWE-502. In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Sources: cvelistv5, nvd
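The entries above give two things a practitioner actually needs to act on: the version boundaries of each CVE, and, for CVE-2021-45046, the condition that made the 2.15.0 fix incomplete (the full CVE record names a PatternLayout with a Context Lookup such as ${ctx:loginId} or a Thread Context Map pattern %X, %mdc or %MDC, so MDC values an attacker controls reach the lookup engine through the layout even when message lookups are disabled). The following is an added example, not code from this page or from the Apache Log4j project: a small triage script that maps an installed log4j-core version onto the three CVEs listed here and scans a log4j2.xml for layout patterns that pull MDC data into the log line. The function names, the version parser and the sample configuration are mine; the version boundaries are taken only from the entries above (the 2.12.x backport releases are not modelled), and the sample log4j2.xml is constructed for the example.

```python
import re
from xml.etree import ElementTree as ET

# Fixed/unaffected version boundaries taken from the three entries listed above.
# Log4j 1.x (CVE-2023-26464) has no fixed release: the entry is marked
# "UNSUPPORTED WHEN ASSIGNED", so the remediation is leaving the 1.x line.
FIXED_VERSIONS = {
    "CVE-2017-5645": "2.8.2",    # socket server deserialization, 2.0-alpha1 .. 2.8.1
    "CVE-2021-45046": "2.16.0",  # incomplete fix for CVE-2021-44228, < 2.16.0
}
LOG4J1_RANGE = ("1.0.4", "2.0-alpha1")  # CVE-2023-26464: >= 1.0.4, < 2

_QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?")


def parse_version(version):
    """Turn a Log4j version string into a sortable tuple.

    '2.0-alpha1' < '2.0-beta9' < '2.0' < '2.0.1': a qualifier sorts before the
    final release with the same numbers, which plain string comparison gets wrong.
    """
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {version!r}")
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    if m[4]:
        return (major, minor, patch, _QUALIFIER_RANK[m[4]], int(m[5]))
    return (major, minor, patch, 3, 0)  # rank 3 = final release


def vulnerable_cves(version):
    """Return the CVE ids from this page whose affected range contains `version`."""
    pv = parse_version(version)
    low, high = (parse_version(v) for v in LOG4J1_RANGE)
    if low <= pv < high:
        return ["CVE-2023-26464"]
    return [cve for cve, fixed in FIXED_VERSIONS.items() if pv < parse_version(fixed)]


# Conversion patterns that copy Thread Context (MDC) data into the rendered line.
# Both the plain ${ctx:...} form and the $${ctx:...} form (escaped for runtime
# evaluation in Log4j2 XML configs) are matched, plus the %X / %mdc / %MDC
# conversion patterns named in the CVE-2021-45046 record.
_CTX_PATTERN_RE = re.compile(r"\$\$?\{ctx:|%X\b|%mdc\b|%MDC\b")


def risky_layout_patterns(config_xml):
    """Return every PatternLayout pattern in a log4j2.xml that references MDC data."""
    root = ET.fromstring(config_xml)
    found = []
    for layout in root.iter("PatternLayout"):
        # The pattern may be given as an attribute or as a nested <Pattern> element.
        pattern = layout.get("pattern")
        if pattern is None:
            child = layout.find("Pattern")
            pattern = child.text if child is not None and child.text else ""
        if _CTX_PATTERN_RE.search(pattern):
            found.append(pattern.strip())
    return found


# Constructed sample configuration (not taken from any real deployment): the Console
# appender is unaffected, the audit appender uses both risky forms.
SAMPLE_CONFIG = """<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d %p %c{1.} [%t] %m{nolookups}%n"/>
    </Console>
    <File name="Audit" fileName="audit.log">
      <PatternLayout>
        <Pattern>%d user=${ctx:loginId} req=%X{requestId} %m%n</Pattern>
      </PatternLayout>
    </File>
  </Appenders>
  <Loggers>
    <Root level="info">
      <AppenderRef ref="Console"/>
      <AppenderRef ref="Audit"/>
    </Root>
  </Loggers>
</Configuration>"""


def assess(version, config_xml):
    """Combine the version check and the layout scan into one report dict."""
    return {
        "version": version,
        "cves": vulnerable_cves(version),
        "risky_patterns": risky_layout_patterns(config_xml),
    }


if __name__ == "__main__":
    report = assess("2.15.0", SAMPLE_CONFIG)
    print(f"log4j-core {report['version']}: affected by {report['cves'] or 'none of the listed CVEs'}")
    for p in report["risky_patterns"]:
        print(f"  MDC data reaches the layout: {p}")
```

Running it against version 2.15.0 with the sample config reports only CVE-2021-45046 and flags the audit appender's pattern; against 2.16.0 the version check comes back empty, which matches the entry above (the layout scan still flags the pattern, since the script only recognises the configuration, and the remediation the entry gives is the upgrade, not a pattern rewrite). Note that `%m{nolookups}` on the Console appender is irrelevant to this CVE: the lookup that matters is in the layout, not in the message.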