Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package

[hunkyfunky2]

23 minutes ago, mirchi_bajji said:

perks of using obsolete libraries 

I think it's applicable for v1, right?

[areyentiraidhi]

This exploit is  terrifying man. Most of the developers have no idea that they use it.

 

More systems will come out soon.

Saw on twitter that some of Apple ones are coming out

 

https://twitter.com/i/web/status/1469344690336108544

[areyentiraidhi]

27 minutes ago, hunkyfunky2 said:

I think it's applicable for v1, right?

its from 2.0 and above

 

2.0 <= Apache log4j <= 2.14.1

[areyentiraidhi]

 

https://techcrunch.com/2021/12/10/apple-icloud-twitter-and-minecraft-vulnerable-to-ubiquitous-zero-day-exploit/

A number of popular services, including Apple iCloud, Twitter, Cloudflare, Minecraft and Steam, are reportedly vulnerable to a zero-day exploit affecting a popular Java logging library.

[areyentiraidhi]

this shows on how to reproduce in local