Apache Log4j 2.0-alpha1 < 2.25.4 XmlLayout 无效 XML 输出 (CVE-2026-34480)

版本 1.2

Apr 16, 2026, 7:20 PM

CVSS metrics ("Cvssv4 threat score" set to 6.9)
CVSS metrics ("Cvssv4 threat vector" set to "CVSS:4.0/E:U")
CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C")
CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C")
Exploit attributes ("Exploit available" set to "False")
Exploit attributes ("Exploitability ease" set to "No known exploits are available")