VulnerableCode Package Details - pkg:maven/org.apache.logging.log4j/log4j@2.0-alpha2

Search for packages

Vulnerability	Summary	Fixed by
VCID-bbq3-tx7c-yucn Aliases: CVE-2022-23307 GHSA-f7vh-qwp3-x37m	This advisory has been marked as False Positive and removed.	2.0 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mz9r-j78c-dfe3 Aliases: CVE-2020-9488 GHSA-vwqq-5vrc-xw9h	Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.	2.3.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.12.3 Affected by 0 other vulnerabilities. 2.13.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-bbq3-tx7c-yucn
Aliases:
CVE-2022-23307
GHSA-f7vh-qwp3-x37m

This advisory has been marked as False Positive and removed.

2.0
Affected by 4 other vulnerabilities.

VCID-mz9r-j78c-dfe3
Aliases:
CVE-2020-9488
GHSA-vwqq-5vrc-xw9h

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender prior to version 2.13.2. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender.

2.3.2
Affected by 2 other vulnerabilities.

2.12.3
Affected by 0 other vulnerabilities.

2.13.2
Affected by 2 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:37:45.834358+00:00	GitLab Importer	Affected by	VCID-bbq3-tx7c-yucn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml	38.4.0
2026-04-16T21:02:51.189790+00:00	GitLab Importer	Affected by	VCID-mz9r-j78c-dfe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml	38.4.0
2026-04-11T22:52:01.642776+00:00	GitLab Importer	Affected by	VCID-bbq3-tx7c-yucn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml	38.3.0
2026-04-11T22:14:14.036282+00:00	GitLab Importer	Affected by	VCID-mz9r-j78c-dfe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml	38.3.0
2026-04-02T23:01:26.682301+00:00	GitLab Importer	Affected by	VCID-bbq3-tx7c-yucn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml	38.1.0
2026-04-02T22:26:34.998274+00:00	GitLab Importer	Affected by	VCID-mz9r-j78c-dfe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml	38.1.0
2026-04-01T17:20:17.871448+00:00	GitLab Importer	Affected by	VCID-bbq3-tx7c-yucn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2022-23307.yml	38.0.0
2026-04-01T16:44:30.550294+00:00	GitLab Importer	Affected by	VCID-mz9r-j78c-dfe3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.logging.log4j/log4j/CVE-2020-9488.yml	38.0.0