Apache Log4j: 1.2.17 → 2.25.4
Apache · upgrade impact · Official site ↗
Fixed by upgrading to 2.25.4 iVulnerabilities that affect 1.2.17 but no longer affect 2.25.4 — the security gain from this upgrade, by exploited status then exploitation probability.
Exploited first, then by exploitation probability (EPSS).
CVE-2019-17571 CRITICAL EPSS 69% ✓ cleared in 2.25.4 CVE-2022-23305 CRITICAL EPSS 67% ✓ cleared in 2.25.4 CVE-2022-23302 HIGH EPSS 62% ✓ cleared in 2.25.4 CVE-2022-23307 HIGH EPSS 52% ✓ cleared in 2.25.4 CVE-2020-9493 CRITICAL EPSS 5% ✓ cleared in 2.25.4 CVE-2023-26464 HIGH EPSS 2% ✓ cleared in 2.25.4