-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
We couldn't figure out the actual network bypass for this one, so it's not included in the post (even though it's in the CVE). It's gotta be in this function[0] though, and if you have any notes, we'd appreciate it if you shared them with us!
Also, we just released v1.4 of the Log4Shell CLI tool for detecting + patching this vuln. Feel free to check that out on GitHub[1]. It's got a ton of improvements from the last release.
0: https://github.com/apache/logging-log4j2/blob/master/log4j-c...
1: https://github.com/lunasec-io/lunasec/releases/