News
In this blog post, I look at Log4j ‘s overloaded Logger.log methods and java.util.logging ‘s overloaded Logger.log methods. The next example is a little contrived, but should suffice.
Log4J is an open source Java-based logging tool available from Apache. It has the ability to perform network lookups using the Java Naming and Directory Interface to obtain services from the ...
The issues involve several features of the logging software, including the Java Naming and Directory Interface (JDNI) and JMSAppender event messages, both of which allow remote code execution.
Amazon Web Services (AWS) has updated the 'detectors' in its CodeGuru Reviewer tool to seek out log injection flaws like the recently disclosed Log4Shell bug in the popular Java logging library Log4J.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback