log4j-log4shell-affected
Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability (by authomize)
spring4shell
Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework (by NCSC-NL)
log4j-log4shell-affected | spring4shell | |
---|---|---|
3 | 4 | |
53 | 175 | |
- | 0.0% | |
0.0 | 1.5 | |
over 2 years ago | about 1 year ago | |
Python | ||
- | - |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user-suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4j-log4shell-affected
Posts with mentions or reviews of log4j-log4shell-affected.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-04-02.
- Known applications that use Spring Framework
  When Log4J hit, someone had the forethought to publish a list of affected applications on GitHub.
- Given the recent Log4J exploit, what widely used linux apps should we be careful with until they are patched?
- US warns hundreds of millions of devices at risk from newly revealed software vulnerability
  That being said, I've been keeping an eye out on this GitHub tracker that consolidates responses from vendors so at least we can see their statements: https://github.com/authomize/log4j-log4shell-affected
spring4shell
Posts with mentions or reviews of spring4shell.
We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-04-02.
- Unifi and CVE 2022-22965 - Spring4Shell - RCE
  Information about the CVE: https://github.com/NCSC-NL/spring4shell https://www.cisa.gov/uscert/ncas/current-activity/2022/04/01/spring-releases-security-updates-addressing-spring4shell-and
- Known applications that use Spring Framework
- spring4shell: Operational information regarding the Spring4Shell vulnerability in the Spring Core Framework - includes vuln products
- CyberSecurity 101: Spring4Shell 0-day vulnerability | What is it? | How Do I Mitigate?
  The NCSC (Dutch national cyber security center) is usually on top of these things, it's constantly updated on their GitHub: https://github.com/NCSC-NL/spring4shell
What are some alternatives?
When comparing log4j-log4shell-affected and spring4shell you can also consider the following projects:
CVE-2021-44228-PoC-log4j-bypass-words - 🐱💻 ✂️ 🤬 CVE-2021-44228 - LOG4J Java exploit - WAF bypass tricks
log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046