There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.

”因此，虽然 Log4j 漏洞的爆发已过去一年，建议开发者可排查在 Java 应用中是否引入了 Log4j 组件，若存在则立即进行安全排查并升级至安全版本。

Attackers are actively exploiting a critical vulnerability in Apache Log4j, a logging library that’s used in potentially millions of Java-based applications, including web-based ones.

A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on ...

IT之家 12 月 13 日消息，最近的Log4j 漏洞想必大家都知道了，11 月 9 日晚，开源项目 Apache Log4j 2 的一个远程代码执行漏洞的利用细节被公开，随后该 ...

As many Java-based applications can leverage Log4j 2 directly or indirectly, organizations should contact application vendors or ensure their Java applications are running the latest up-to-date ...

Months on from a critical zero-day vulnerability being disclosed in the widely-used Java logging library Apache Log4j, a significant number of applications and servers are still vulnerable to ...

Royce Williams, who works for cyber security company Alaskan Cyber Watch, has released a cheat sheet about the zero-day vulnerability 'Log4Shell ' discovered in Java's log output library Log4j ...

COMPANY NEWS: Since the first vulnerability in the Apache Foundation’s Log4j logging tool was revealed on 10 December, three sets of fixes to the Java library have been released as additional ...

A critical flaw in a popularly used Java library is being exploited by malicious actors to deliver malware, while security researchers are scanning for vulnerable servers.