Log4Shell

lore

securityprogramming

The 2021 vulnerability in the ubiquitous Log4j logging library that let a logged string execute arbitrary code.

Because Log4j is embedded in countless Java applications, a crafted string in something as innocent as a username or user agent could trigger remote code execution almost anywhere. Its reach and severity made it one of the most serious and widespread flaws ever disclosed.

Also known as: Log4Shell, CVE-2021-44228, Log4j vulnerability

Sources

  • CVE-2021-44228; CISA advisory (December 2021)

All glossary entries