Maven package
org.apache.logging.log4j/log4j-1.2-api
pkg:maven/org.apache.logging.log4j/log4j-1.2-api
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34479 | Hig | 7.5 | >= 2.7, < 2.25.4 | 2.25.4 | Apr 10, 2026 | The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downs |
- affected >= 2.7, < 2.25.4fixed 2.25.4
The Log4j1XmlLayout from the Apache Log4j 1-to-Log4j 2 bridge fails to escape characters forbidden by the XML 1.0 standard, producing malformed XML output. Conforming XML parsers are required to reject documents containing such characters with a fatal error, which may cause downs