VYPR

NuGet package

log4net

pkg:nuget/log4net

Vulnerabilities (3)

  • CVE-2026-40021MedApr 10, 2026
    affected < 3.3.0fixed 3.3.0

    Apache Log4net's XmlLayout https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list and XmlLayoutSchemaLog4J https://logging.apache.org/log4net/manual/configuration/layouts.html#layout-list , in versions before 3.3.0, fail to sanitize characters forbidd

  • CVE-2018-1285May 11, 2020
    affected < 2.0.10fixed 2.0.10

    Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled log4net configuration files.

  • CVE-2006-0743Mar 9, 2006
    affected < 1.2.10fixed 1.2.10

    Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.