apache-log4j-poc
go-cache
apache-log4j-poc | go-cache | |
---|---|---|
3 | 8 | |
105 | 7,839 | |
- | - | |
3.8 | 0.0 | |
over 2 years ago | 5 months ago | |
Java | Go | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
apache-log4j-poc
-
2021-12-10 - Cool Query Friday - Hunting Apache Log4j CVE-2021-44228 (Log4Shell)
Proof of Concept
-
Log4j 0day being exploited
Exploit: https://github.com/tangxiaofeng7/apache-log4j-poc
-
Log4j RCE Found
Are there any mitigations in recent JVMs?
I tried reproducing this, and got the POC to hit the LDAP server, but it wouldn't load the test payload.
See also:
- https://github.com/tangxiaofeng7/apache-log4j-poc
go-cache
-
My first package in go. An in-memory cache package useful when creating multiple instances of the cache
Why I am creating this package? There is an already existing memory cache package which creates (One Janitor for One Cache) So I am running into issues where many go routines are running in our use cases causing the application to crash due to some memory leakage in the library itself or maybe multiple timers running at same time casuing the issue. Also this is a very popular github library but just doesn't fits when I am creating many cache instances. So thought about creating one package by myself.
-
VCache vs Go-Cache
I wrote a new library called VCache (https://github.com/microup/vcache). VCahce differs from go-cache (https://github.com/patrickmn/go-cache) by using a key of type "any" instead of a key of type "string". I compared the performance of both libraries on the main operations: Add, Get, and Delete.
-
Better Cache - A Lightning Fast Caching System with Full Text Search
https://github.com/patrickmn/go-cache is a well known one. My cache module is for it's fast full text search thus I recommend only using mine if u are using a pre-set cache.
-
go-cache VS ccache - a user suggested alternative
2 projects | 2 Apr 2022
-
Implement an in-memory cache in Golang
github.com - patrickmn/go-cache
-
Log4j RCE Found
> when they went a year without a release.
Cause these libraries depend on other libraries that are probably extremely out of date at that point and have their own security vulnerabilities.
An example of a project that hasn't been dismissed as "abandoned", is https://github.com/patrickmn/go-cache because it explicitly doesnt have dependencies.
So yeah, if you have a semi-complex library, a year without a release is abandoned.
-
Cache locally using text file
implementing runtime cache using map seems doable, i may just learn from github.com/patrickmn/go-cache but i dont understand what does it mean cache locally using text file. does it mean I have to:
-
In-memory caching solutions
Though pretty simple but have a look at https://github.com/patrickmn/go-cache
What are some alternatives?
nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
BigCache - Efficient cache for gigabytes of data written in Go.
rogue-jndi - A malicious LDAP server for JNDI injection attacks
groupcache - groupcache is a caching and cache-filling library, intended as a replacement for memcached in many cases.
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
GCache - An in-memory cache library for golang. It supports multiple eviction policies: LRU, LFU, ARC
log4shell_ioc_ips - log4j / log4shell IoCs from multiple sources put together in one big file (IPs) more coming soon (CVE-2021-44228)
badger - Fast key-value DB in Go.
CVE-2021-44228-Scanner - Vulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
cache2go - Concurrency-safe Go caching library with expiration capabilities and access counters
CVE-2021-44228-Log4Shell-Hashes - Hashes for vulnerable LOG4J versions
goose