Help! I am Log4Shell-shocked and worried about my use of log4J
Worried about the 0-day exploit in the popular log4J(version2) called log4Shell that allows for Remoted Code Execution (RCE?)
How can I automatically find vulnerable open source
packages in my software?
The zero-day exploit of the widely-used library log4j (“Log4Shell”, CVE-2021-44228) has many orgs thinking about how they can find open source vulnerabilities automatically before they read about it in the news. SOOS’s affordable SCA solution can tell your team exactly that, and with our low-friction sign-up you’ll know what your open source exposure is in minutes.
A zero day vulnerability being referred to as “Log4Shell” (CVE-2021-44228) was first discovered on December 9th, 2021
This vulnerability allows for unauthenticated remote code execution and can be weaponized to allow the complete takeover of a vulnerable system.WE CAN HELP!
log4j is a wildly popular Java logging library
Apple’s iCloud, Twitter, Tesla, Amazon, Cloudflare, and Minecraft all use it. In fact, hackers were able to quickly and easily gain access to Minecraft servers by crafting a special message in the chat box.
How bad is it?
Log4Shell scored a perfect 10 (i.e. the most severe) on the Common Vulnerability Scoring System (CVSS) rating. The Dept of Homeland Security has even issued a warning about it. Part of what makes it so severe is that it is a “low skilled attack that is simple to execute.”.