Apache Log4j 2.0-alpha1 < 2.25.4 XmlLayout 无效 XML 输出 (CVE-2026-34480)

版本 1.4

Apr 27, 2026, 11:43 AM

CVSS metrics ("CVSSv2 score" set to 7.8)
CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N")
CVSS metrics ("CVSSv3 score" set to 7.5)
CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N")
CVSSv2 severity (based on CVE-2026-34480, severity increased from "Medium" to "High")
CVSSv3 severity (based on None, severity increased from "Medium" to "High")