Our great sponsors
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
check the article and the comments. The idea is, this thing https://github.com/lunasec-io/lunasec/tree/master/tools/log4shell uses the exploit to prohibit calling the JNDI methods. It uses the exploit to patch the exploit. Definitely make a backup you trust before applying this.
Related posts
- Guys, I taught ChatGPT to browse the internet and it is bloody amazing.
- Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
- Ignore 98% of dependency alerts: introducing Semgrep Supply Chain
- Ask HN: How do you deploy your weekend project in 2022?
- Cdk8s: CNCF-Backed Infrastructure-as-Code (IaC) for Kubernetes