VYPR

Maven package

org.apache.logging.log4j/log4j-1.2-api

pkg:maven/org.apache.logging.log4j/log4j-1.2-api

Vulnerabilities (1)

  • CVE-2026-34479HigApr 10, 2026
    affected >= 2.7, < 2.25.4fixed 2.25.4

    The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downs