pkg:Debian/apache-log4j2

All known vulnerabilities

• CRITICAL10.0CVE-2021-44228⚠ KEVapache-log4j2 - security update
  from 0, < 2.7-2+deb9u1
• CRITICAL10.0CVE-2021-44228⚠ KEVapache-log4j2 - security update
  from 0, < 2.15.0-1~deb10u1
• CRITICAL10.0CVE-2021-44228⚠ KEVapache-log4j2 - security update
  from 0, < 2.15.0-1~deb11u1
• CRITICAL9.0CVE-2021-45046⚠ KEVapache-log4j2 - security update
  from 0, < 2.16.0-1~deb10u1
• CRITICAL9.0CVE-2021-45046⚠ KEVapache-log4j2 - security update
  from 0, < 2.16.0-1~deb11u1
• CRITICAL9.8CVE-2017-5645Deserialization of Untrusted Data in Log4j
  from 0, < 2.7-2
• HIGH8.6CVE-2021-45105apache-log4j2 - security update
  from 0, < 2.17.0-1~deb10u1
• HIGH8.6CVE-2021-45105apache-log4j2 - security update
  from 0, < 2.17.0-1~deb11u1
• HIGH7.5CVE-2026-34481Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout
  from 0
• HIGH7.5CVE-2026-34479Apache Log4j 1 to Log4j 2 bridge: silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters
  from 0
• HIGH7.5CVE-2026-34480Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters
  from 0
• MEDIUM6.6CVE-2021-44832apache-log4j2 - security update
  from 0, < 2.12.4-0+deb9u1
• MEDIUM6.6CVE-2021-44832apache-log4j2 - security update
  from 0, < 2.17.1-1~deb11u1
• MEDIUM4.8CVE-2025-68161Apache Log4j does not verify the TLS hostname in its Socket Appender
  from 0, < 2.17.1-1~deb11u2
• MEDIUM4.8CVE-2025-68161Apache Log4j does not verify the TLS hostname in its Socket Appender
  from 0, < 2.17.1-1~deb11u2
• LOW3.7CVE-2020-9488apache-log4j2 - security update
  from 0, < 2.12.3-0+deb9u1
• LOW3.7CVE-2020-9488apache-log4j2 - security update
  from 0, < 2.13.3-1