CVE-2021-44228 (Log4Shell) — Field Notes from a Focused Web-App Review
Introduction In late 2021 I revisited one of our Java web applications to validate exposure to Log4Shell. My goal was pragmatic: verify if any user-controlled input was reaching Log4j without stric...