RCE in Log4j

Posted on December 09, 2021 in Software Frameworks, Libraries, and Components

Summary

A remote code execution vulnerability has been found in the popular Java logging library Log4j. This issue is easily exploited in common configurations, and has been assigned a bug alert severity of 'critical'.

Details

On Tuesday, December 9th, 2021, a security researcher posted a screenshot and proof-of-concept code demonstrating remote code execution against the latest available build of the popular Java logging library, Log4j. For up-to-date information, please visit https://www.lunasec.io/docs/blog/log4j-zero-day/.


Additional vulnerability discussion can be found on GitHub.