Spring Boot Log4j - CVE-2021-44228


Description

The Log4Shell vulnerability (CVE-2021-44228) is ultimately a quite simple JNDI injection flaw, but in a really bad place: Log4j performs a JNDI lookup() while expanding placeholders in log messages (or indirectly in the parameters of formatted messages). Read more in "PSA: Log4Shell and the current state of JNDI injection".
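
To check whether a Spring Boot artifact ships the class that performs this lookup, the following added example (not code from the repository linked below) walks a fat JAR and reports each bundled log4j-core copy. It assumes the standard `BOOT-INF/lib/` layout and a version readable from the JAR file name; the helper names and the in-memory sample JAR are constructed for illustration.

```python
import io
import re
import zipfile

# Class in log4j-core that performs the JNDI lookup for ${jndi:...} placeholders.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_JAR = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
FIXED = (2, 15, 0)  # first release that addressed CVE-2021-44228


def scan_jar(data, path="app.jar"):
    """Report every log4j-core copy in a JAR, recursing into nested JARs."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        match = CORE_JAR.search(path)
        if match:
            version = tuple(int(g or 0) for g in match.groups())
            has_lookup = JNDI_LOOKUP in names
            # Conservative: the Java 6/7 backport releases are not special-cased.
            findings.append({"jar": path, "version": version,
                             "jndi_lookup": has_lookup,
                             "flagged": has_lookup and version < FIXED})
        for name in names:
            if name.endswith(".jar"):
                findings += scan_jar(zf.read(name), f"{path}!/{name}")
    return findings


def make_jar(entries):
    """Build an in-memory JAR from {entry name: bytes} (helper for the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def sample_fat_jar():
    """Constructed sample: Spring Boot keeps dependencies under BOOT-INF/lib/."""
    with_lookup = make_jar({JNDI_LOOKUP: b"stub"})
    without_lookup = make_jar({"org/apache/logging/log4j/core/Logger.class": b"stub"})
    return make_jar({
        "BOOT-INF/lib/log4j-core-2.14.1.jar": with_lookup,     # flagged
        "BOOT-INF/lib/log4j-core-2.13.3.jar": without_lookup,  # class removed
        "BOOT-INF/lib/log4j-core-2.17.1.jar": with_lookup,     # patched release
    })
```

For a real build artifact, read the file as bytes and pass it to `scan_jar` together with its path; any entry with `flagged` set should be upgraded or reviewed by hand.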

For information and setup, see my GitHub repository, Spring Boot Log4j - CVE-2021-44228.

References