Log4j Vulnerability Cheatsheet
Published in
3 min readDec 14, 2021
How it works, where to practice, and how to identify
Description
Java logging library, log4j, has an unauthenticated RCE vulnerability if a user-controlled string is logged. CVE-2021–44228 (Log4Shell)
Affected versions — Apache log4j 2.0-beta9 ≤ 2.14.1