Apache Log4j 漏洞列表

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

LangFlow 是一款基于 Python 的低代码可视化 AI 应用构建工具，专注于多智能体人工智能（Multi-Agent AI）、提示工程（Prompt Engineering）和检索增强生成（RAG, Retrieval-Augmented Generation）应用的开发。1.3.0之前的Langflow版本存在远程代码执行漏洞，攻击者可以通过/api/v1/validate/code端点发送精心构造的HTTP请求，执行任意代码。

Apache log4j2存在远程代码执行漏洞，此漏洞是缺乏校验导致的。

Apache log4j2存在远程代码执行漏洞，此漏洞是缺乏校验导致的。

Apache log4j2存在远程代码执行漏洞，此漏洞是缺乏校验导致的。

Apache Log4j2是一款优秀的Java日志框架。由于Apache Log4j2某些功能存在递归解析功能，攻击者可直接构造恶意请求，触发远程代码执行漏洞。漏洞利用无需特殊配置，经验证，Apache Struts2、Apache Solr、Apache Druid、Apache Flink等均受影响。