Log4Shell (CVE-2021-45046)
- Risk:
High
- Type:
- Active
- CWE:
- CWE-117
- Summary
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.
- Solution
Upgrade Log4j2 to version 2.17.1 or newer.
Free security scan for your website