log4j-log4shell-affected
Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability (by authomize)
log4j-cve-2021-44228
Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script RHSB-2021-009 Remote Code Execution - log4j (CVE-2021-44228) (by lucab85)
| log4j-log4shell-affected | log4j-cve-2021-44228 | |
|---|---|---|
| 3 | 6 | |
| 53 | 56 | |
| - | - | |
| 0.0 | 3.6 | |
| over 2 years ago | over 2 years ago | |
| - | MIT License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4j-log4shell-affected
Posts with mentions or reviews of log4j-log4shell-affected.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-04-02.
-
Known applications that use Spring Framework
When Log4J hit, someone had the forethought to publish a list of affected applications on GITHUB.
- Given the recent Log4J exploit, what widely used linux apps should we be careful with until they are patched?
-
US warns hundreds of millions of devices at risk from newly revealed software vulnerability
That being said, I've been keeping an eye out on this Github tracker that consolidates responses from vendors so at least we can see their statements: https://github.com/authomize/log4j-log4shell-affected
log4j-cve-2021-44228
Posts with mentions or reviews of log4j-cve-2021-44228.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-01-07.
-
The Bullhorn #41 (Ansible Newsletter) - Happy Moo year 2022!
Ansible Playbook code available (via Github, Galaxy) to download the detector script (v1.2 released 2021-12-20), validate GPG signature, install dependencies, create work directory, run the detector with the right options and get the results.
- GitHub - lucab85/log4j-cve-2021-44228: Ansible detector scanner playbook to verify target Linux hosts using the official Red Hat Log4j detector script Remote Code Execution - log4j (CVE-2021-44228)
- Ansible Red Hat detector Remote Code Execution – Log4j (CVE-2021-44228)
What are some alternatives?
When comparing log4j-log4shell-affected and log4j-cve-2021-44228 you can also consider the following projects:
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
antsibull - Tooling for building various things related to ansible
spring4shell - Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework
log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046