Log4Shell
loresecurityprogramming
The 2021 vulnerability in the ubiquitous Log4j logging library that let a logged string execute arbitrary code.
Because Log4j is embedded in countless Java applications, a crafted string in something as innocent as a username or user agent could trigger remote code execution almost anywhere. Its reach and severity made it one of the most serious and widespread flaws ever disclosed.
Also known as: Log4Shell, CVE-2021-44228, Log4j vulnerability
Sources
- CVE-2021-44228; CISA advisory (December 2021)