Log4Shell (CVE-2021-45046)

  • Risk: High
  • Type: Active

Summary

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.

Solution

Upgrade Log4j2 to version 2.17.1 or newer.

References

https://www.lunasec.io/docs/blog/log4j-zero-day/

https://nvd.nist.gov/vuln/detail/CVE-2021-45046
