Maven package
org.apache.logging.log4j/log4j-layout-template-json
pkg:maven/org.apache.logging.log4j/log4j-layout-template-json
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-34481 | Hig | 7.5 | >= 2.14.0, < 2.25.4 | 2.25.4 | Apr 10, 2026 | Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohib |
- affected >= 2.14.0, < 2.25.4fixed 2.25.4
Apache Log4j's JsonTemplateLayout https://logging.apache.org/log4j/2.x/manual/json-template-layout.html , in versions up to and including 2.25.3, produces invalid JSON output when log events contain non-finite floating-point values (NaN, Infinity, or -Infinity), which are prohib