Skip to main content

Apache Log4J Json Template Layout

1 CVEs product

Monthly

CVE-2026-34481 Maven MEDIUM PATCH GHSA This Month

Apache Log4j JsonTemplateLayout versions up to 2.25.3 generate invalid JSON when logging non-finite floating-point values (NaN, Infinity, -Infinity), violating RFC 8259 and causing downstream log processing systems to fail indexing or reject records. An unauthenticated remote attacker can trigger this by controlling floating-point values in MapMessages logged by vulnerable applications, resulting in data loss or processing failures in log aggregation pipelines. Vendor-released patch: version 2.25.4.

Apache Information Disclosure Apache Log4J Json Template Layout
NVD GitHub VulDB HeroDevs
CVSS 4.0
6.3
EPSS
0.1%
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Apache Log4j JsonTemplateLayout versions up to 2.25.3 generate invalid JSON when logging non-finite floating-point values (NaN, Infinity, -Infinity), violating RFC 8259 and causing downstream log processing systems to fail indexing or reject records. An unauthenticated remote attacker can trigger this by controlling floating-point values in MapMessages logged by vulnerable applications, resulting in data loss or processing failures in log aggregation pipelines. Vendor-released patch: version 2.25.4.

Apache Information Disclosure Apache Log4J Json Template Layout
NVD GitHub VulDB HeroDevs

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy