Log4j vulnerabilities detected in Maven Central packages

Log4j Vulnerability Alert: 100s of Exposed Packages Uncovered in Maven Central

The high risk associated with newly discovered vulnerabilities in the highly popular Apache Log4j library – CVE-2021-44228 (also known as Log4Shell) and CVE-2021-45046 – has led to a security frenzy of unusual scale and urgency. Developers and security teams are pressed to investigate the impact of Log4j vulnerabilities on their software, revealing multiple technical challenges …

Log4Shell Vulnerability Explained

Log4j Log4Shell 0-Day Vulnerability: All You Need To Know

Update 12/28/2021 Added: Impact analysis of CVE-2021-44832
Update 12/27/2021 Expanded: Exploiting Log4j2 2.15.0 for remote code execution – new bypass method
Update 12/27/2021 Expanded: LOG4J_FORMAT_MSG_NO_LOOKUPS mitigation bypass – more vulnerable configurations
Update 12/27/2021 Added: Log4Shell Timeline
Update 12/19/2021 Added: Impact analysis of CVE-2021-45105
Update 12/17/2021 Added: Exploiting Log4j2 2.15.0 for remote code execution (using new mitigation …