General

log4shell – Log4j2 has major security problem (CVE-2021-44228, CVE-2021-45105, CVE-2021-44832)

log4j-core until version 2.15.0 has a major security leak that can be exploited by sending prepared strings that are logged with log4j. Potential candidates would be headers or often also simple form fields that are sent to java backends. The CVE can be found here. With a score of 10/10 this should be addressed as …

log4shell – Log4j2 has major security problem (CVE-2021-44228, CVE-2021-45105, CVE-2021-44832) Read More »