VYPR

rpm package

opensuse/log4cxx&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/log4cxx&distro=openSUSE%20Tumbleweed

Vulnerabilities (3)

  • CVE-2026-40023MedApr 10, 2026
    affected < 1.7.0-2.1fixed 1.7.0-2.1

    Apache Log4cxx's XMLLayout https://logging.apache.org/log4cxx/1.7.0/classlog4cxx_1_1xml_1_1XMLLayout.html , in versions before 1.7.0, fails to sanitize characters forbidden by the XML 1.0 specification https://www.w3.org/TR/xml/#charsets in log messages, NDC, and MDC property

  • CVE-2025-54812Aug 22, 2025
    affected < 1.5.0-1.1fixed 1.5.0-1.1

    Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using HTMLLayout, logger names are not properly escaped when writing out to the HTML file. If untrusted data is used to retrieve the name of a logger, an attacker could theoretically inject HTML or Ja

  • CVE-2023-31038May 8, 2023
    affected < 1.1.0-1.1fixed 1.1.0-1.1

    SQL injection in Log4cxx when using the ODBC appender to send log messages to a database.  No fields sent to the database were properly escaped for SQL injection.  This has been the case since at least version 0.9.0(released 2003-08-06) Note that Log4cxx is a C++ framework, s