The version 2.0.14 has no vulnerabilities at the time of this post.
1 2 3 4 5 6
{ "coordinates": "pkg:nuget/log4net@2.0.14", "description": "log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime", "reference": "https://ossindex.sonatype.org/component/pkg:nuget/log4net@2.0.14?utm_source=postmanruntime&utm_medium=integration&utm_content=7.28.4", "vulnerabilities": [] }
{ "coordinates": "pkg:nuget/log4net@1.2.10", "description": "log4net is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent log4j framework to the .NET runtime", "reference": "https://ossindex.sonatype.org/component/pkg:nuget/log4net@1.2.10?utm_source=postmanruntime&utm_medium=integration&utm_content=7.28.4", "vulnerabilities": [ { "id": "c4ac70fa-d3ce-4153-b4e9-e1a9d193be8c", "displayName": "CVE-2018-1285", "title": "[CVE-2018-1285] Apache log4net before 2.0.8 does not disable XML external entities when parsing ...", "description": "Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users.", "cvssScore": 9.8, "cvssVector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "cve": "CVE-2018-1285", "reference": "https://ossindex.sonatype.org/vulnerability/c4ac70fa-d3ce-4153-b4e9-e1a9d193be8c?component-type=nuget&component-name=log4net&utm_source=postmanruntime&utm_medium=integration&utm_content=7.28.4", "externalReferences": [ "https://nvd.nist.gov/vuln/detail/CVE-2018-1285" ] } ] }