Severity: 6.8
Affected versions:
- Apache Log4cxx 0.9.0 before 1.1.0
Description:
SQL injection in Log4cxx when using the ODBC appender to send log messages to a
database. No fields sent to the database were properly escaped for SQL
injection. This has been the case since at least version 0
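
The class of defect described above, as an added example that is not Log4cxx code: a log field pasted into an SQL statement without escaping changes the statement's structure, while quote doubling or parameter binding keeps it as data. The template, table and column names, the `%p`/`%m` tokens and all function names are assumptions made for illustration, and binding is simulated without any ODBC calls.

```cpp
#include <string>
#include <vector>

// Constructed template; table, columns and the %p/%m tokens are assumptions.
static const std::string kTemplate =
    "INSERT INTO logs (level, message) VALUES ('%p', '%m')";

// Double single quotes so the value stays inside one SQL string literal.
std::string escapeLiteral(const std::string& v) {
    std::string out;
    for (char c : v) { out += c; if (c == '\'') out += '\''; }
    return out;
}

// Render the template in one pass. With escape=false the field text is pasted
// in as-is, which is the kind of defect the advisory describes.
std::string render(const std::string& level, const std::string& msg, bool escape) {
    std::string out;
    for (size_t i = 0; i < kTemplate.size(); ++i) {
        if (kTemplate[i] == '%' && i + 1 < kTemplate.size() &&
            (kTemplate[i + 1] == 'p' || kTemplate[i + 1] == 'm')) {
            const std::string& v = (kTemplate[i + 1] == 'p') ? level : msg;
            out += escape ? escapeLiteral(v) : v;
            ++i;  // skip the token letter
        } else {
            out += kTemplate[i];
        }
    }
    return out;
}

// Count complete string literals in sql ('' inside a literal is an escaped
// quote). Returns -1 if a literal is left unterminated.
int literalCount(const std::string& sql) {
    int count = 0;
    bool inside = false;
    for (size_t i = 0; i < sql.size(); ++i) {
        if (sql[i] != '\'') continue;
        if (inside && i + 1 < sql.size() && sql[i + 1] == '\'') { ++i; continue; }
        if (inside) ++count;
        inside = !inside;
    }
    return inside ? -1 : count;
}

// Parameter binding: the statement text is fixed and values travel separately.
struct Prepared { std::string sql; std::vector<std::string> params; };
Prepared buildPrepared(const std::string& level, const std::string& msg) {
    return {"INSERT INTO logs (level, message) VALUES (?, ?)", {level, msg}};
}
```

A literal count other than 2 for the rendered statement means the logged text altered the SQL rather than being stored as a value.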
Thanks Piotr!
Gary
On Sat, May 6, 2023, 15:16 Piotr P. Karwasz wrote:
> The Apache Log4j 2 team is pleased to announce the Apache Log4j
> Transformation Tools 0.1.0 release!
>
> Apache Log4j Transformation Tools is a subproject of Apache Log4j that
> provides binary manipulation tools for Log4j