Apache Log4cxx Improper Output Neutralization Vulnerability in JSONLayout

Vulnerability

Apache Log4cxx versions prior to 1.5.0 contain an improper output neutralization flaw in the JSONLayout component: certain non-printable (control) characters in attacker-supplied log messages are not escaped before being written into the JSON output. JSON requires control characters inside string values to be escaped, so the emitted records can be malformed or misinterpreted by applications that parse these logs.

Impact

This vulnerability enables log injection, an attack in which attacker-controlled input is used to forge or obscure log entries. Because the JSON output is not properly neutralized, an attacker who controls part of a logged message can disrupt the intended structure of a record, for example by embedding a raw line break in a newline-delimited JSON stream, so that log-consuming applications either fail to parse the record or read attacker-chosen content as a separate entry, making it difficult to accurately interpret the log data.
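The following is an added example written for this page, not code from Apache Log4cxx. It contrasts a deliberately incomplete JSON string escaper (handling only quotes and backslashes, to illustrate the class of bug described above) with one that also neutralizes control characters below U+0020, and shows how an unescaped newline in an attacker-supplied message turns one JSON log record into two when the output is consumed line by line. The record layout, field names and the constructed attacker message are assumptions for illustration.

```cpp
#include <cstdio>
#include <string>

// Deliberately incomplete escaper: handles only '"' and '\\'. Constructed to
// illustrate the bug class in the advisory; it is NOT Log4cxx's implementation.
std::string escapeNaive(const std::string& in) {
    std::string out;
    for (unsigned char c : in) {
        if (c == '"' || c == '\\') out += '\\';
        out += static_cast<char>(c);
    }
    return out;
}

// Hardened escaper: every code point below U+0020 is escaped inside a JSON
// string (short forms where JSON defines them, \u00XX otherwise), so a
// message can never terminate or reshape the record that contains it.
std::string escapeJson(const std::string& in) {
    std::string out;
    char buf[8];
    for (unsigned char c : in) {
        switch (c) {
            case '"':  out += "\\\""; break;
            case '\\': out += "\\\\"; break;
            case '\b': out += "\\b";  break;
            case '\f': out += "\\f";  break;
            case '\n': out += "\\n";  break;
            case '\r': out += "\\r";  break;
            case '\t': out += "\\t";  break;
            default:
                if (c < 0x20) {
                    std::snprintf(buf, sizeof buf, "\\u%04x", static_cast<unsigned>(c));
                    out += buf;
                } else {
                    out += static_cast<char>(c);
                }
        }
    }
    return out;
}

// Render one event as a single-line JSON record (newline-delimited JSON).
// The field names are an assumption for this example.
std::string renderRecord(const std::string& level, const std::string& msg,
                         std::string (*escape)(const std::string&)) {
    return "{\"level\":\"" + escape(level) + "\",\"message\":\"" + escape(msg) + "\"}\n";
}

// Count records the way a line-oriented log consumer would.
int countRecords(const std::string& output) {
    int n = 0;
    for (char c : output) if (c == '\n') ++n;
    return n;
}

int main() {
    // Constructed attacker-controlled message: a raw newline followed by a
    // forged record that claims the login succeeded.
    std::string attackerMsg =
        "login failed\n{\"level\":\"INFO\",\"message\":\"login ok\"}";
    std::string naive = renderRecord("WARN", attackerMsg, escapeNaive);
    std::string safe  = renderRecord("WARN", attackerMsg, escapeJson);
    std::printf("naive escaper: %d record(s)\n%s", countRecords(naive), naive.c_str());
    std::printf("hardened escaper: %d record(s)\n%s", countRecords(safe), safe.c_str());
    return 0;
}
```

With the naive escaper the consumer sees two records, the second of them entirely attacker-authored; with the hardened escaper the same input stays one record whose message field contains the literal text `\n{...}`. A log consumer that parses each line with a strict JSON parser, rather than splitting on newlines and trusting the result, will at least reject the corrupted record instead of accepting the forged one.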

Remediation

Users are advised to upgrade to Apache Log4cxx version 1.5.0 or later, which addresses this vulnerability. Until the upgrade is deployed, log pipelines that consume JSONLayout output should parse each record with a strict JSON parser rather than line-splitting heuristics, so that records containing unescaped control characters are rejected instead of being read as attacker-shaped entries.

Added: Aug 22, 2025, 7:19 PM
Updated: Aug 22, 2025, 7:19 PM

Vulnerability Rating

Custom Algorithm
spread          5.4
impact          0.6
exploitability  4.3
remediation     7.7
relevance       0.4
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.