#log4J Log4Shell RCE 0-day exploit


If you develop software in Java, you are probably affected. Log4J is a really popular package to deal with logging.

In a nutshell, if an attacker manages to get a specific, crafted string logged, the library will load code from an arbitrary remote host. All versions between 2.0 and 2.14.1 are affected.

#log4shell

Given how ubiquitous this library is, the impact of this vulnerability is quite severe. Learn how to patch it, why it’s bad, and more in this post.

Source: Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package | LunaSec
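
To find out whether a host carries a version in the affected range stated above, the following added example (not code from the linked article or from the Log4j project) walks a directory tree and flags `log4j-core` jars from 2.0 through 2.14.1, including copies bundled inside `.jar`, `.war` and `.ear` archives. It assumes the jars keep their standard Maven file name `log4j-core-<version>.jar` and treats pre-release qualifiers such as `-beta9` as the plain version.

```python
import os
import re
import zipfile
# Range stated in the post: 2.0 through 2.14.1, inclusive.
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 14, 1)
# Assumption (not from the post): jars keep the Maven name log4j-core-<ver>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+){1,2})[^/\\]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")


def parse_version(name):
    """Return (major, minor, patch) from a log4j-core jar name, else None."""
    m = JAR_RE.search(name)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def is_affected(version):
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX


def scan(root):
    """Return sorted (location, version) pairs for affected log4j-core copies."""
    hits = set()
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(ARCHIVES):
                continue
            path = os.path.join(dirpath, fname)
            candidates = [(path, fname)]
            try:
                with zipfile.ZipFile(path) as zf:  # look one level inside
                    candidates += [(f"{path}!{e}", e) for e in zf.namelist()]
            except (zipfile.BadZipFile, OSError):
                pass  # unreadable archive: still judge it by its file name
            for location, name in candidates:
                version = parse_version(name)
                if is_affected(version):
                    hits.add((location, ".".join(map(str, version))))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for location, version in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"AFFECTED log4j-core {version}: {location}")
```

A clean result only covers copies that kept their file name; shaded builds that unpack Log4j classes directly into the application jar need a class-level check instead.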