CVE-2025-54813

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

Improper Output Neutralization for Logs vulnerability in Apache Log4cxx. When using JSONLayout, not all payload bytes are properly escaped. If an attacker-supplied message contains certain non-printable characters, these will be passed along in the message and written out as part of the JSON message. This may prevent applications that consume these logs from correctly interpreting the information within them. This issue affects Apache Log4cxx: before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue.

Vulnerabilidad de neutralización de salida incorrecta para registros en Apache Log4cxx. Al usar JSONLayout, no todos los bytes del payload se escapan correctamente. Si un mensaje proporcionado por un atacante contiene caracteres no imprimibles, estos se pasarán en el mensaje y se escribirán como parte del mensaje JSON. Esto puede impedir que las aplicaciones que consumen estos registros interpreten correctamente la información que contienen. Este problema afecta a Apache Log4cxx: versiones anteriores a la 1.5.0. Se recomienda actualizar a la versión 1.5.0, que soluciona el problema.