For example, it was found in Minecraft servers which allowed the commands to be typed into chat logs as these were then sent to the logger. This vulnerability in Log4j 2, a very common Java logging library, allows remote code execution, often from a context that is easily available to an attacker. We send our #hugops and best wishes to all of you working on this vulnerability, now going by the name Log4Shell. We know that many of you are working hard on fixing the new and serious Log4j 2 vulnerability CVE-2021-44228, which has a 10.0 CVSS score.
Original post below has now been updated:
For a more complete fix to this vulnerability, it’s recommended to update to Log4j2 2.16.0. An additional issue was identified and is tracked with CVE-2021-45046. As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations.
0 kommentar(er)
