log4jshell-pdf
log4j2-without-jndi
| | log4jshell-pdf | log4j2-without-jndi |
|---|---|---|
| | 2 | 1 |
| Stars | 153 | 60 |
| Growth | - | - |
| Activity | 0.0 | 0.0 |
| | over 2 years ago | over 2 years ago |
| Language | Java | Shell |
| License | MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
log4jshell-pdf
Analysis of the 2nd Log4j CVE published earlier (CVE-2021-45046 / Log4Shell2)
https://github.com/eelyvy/log4jshell-pdf/blob/main/pom.xml#L...
So, for others out there that find this: just because you're using `PDFBox` does not necessarily mean that you are also using `log4j`, and therefore likely vulnerable to this latest issue.
log4j2-without-jndi
Analysis of the 2nd Log4j CVE published earlier (CVE-2021-45046 / Log4Shell2)
What about this patch https://github.com/zhangyoufu/log4j2-without-jndi/blob/maste... of removing JndiLookup.class, seems still right
What are some alternatives?
log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
log4shell-ldap - A tool for checking log4shell vulnerability mitigations
ysoserial - A proof-of-concept tool for generating payloads that exploit unsafe Java object deserialization.
lunasec - LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Apache Log4j 2 - Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell