Many Java-based applications and servers vulnerable to new Log4Shell exploit

Why it matters: Earlier this week, developers of the open-source security platform LunaSec discovered a zero-day vulnerability affecting a widely used Java-based logging library. The vulnerability, identified in a blog post as Log4Shell (CVE-2021-44228), can give third parties the ability to execute malicious code on vulnerable systems. The vulnerability’s discovery is credited to researchers at LunaSec and Alibaba Cloud Security’s Chen Zhaojun. It leverages log4j, a widely used Apache-based logging utility: when the server logs data carrying a malicious payload, that triggers a series of actions that inject a secondary payload.
