It has been a bit serious seeing Log4j in the news. As you may know, Log4j is a very popular Java logging library that we can use for logging from our code. You can log things to a file, such as error messages and debug messages when something goes wrong, and then look up the log files later to troubleshoot; just typical stuff.
Log4j has been doing its job pretty well for many years now, but there was a dark secret hidden under the surface: a major security vulnerability, now identified by Chen Zhaojun of the Alibaba Cloud Security team. It is a critical vulnerability which affects Apache Log4j 2 versions 2.0 to 2.14.1. The Apache Software Foundation has assigned it the maximum CVSS (Common Vulnerability Scoring System) severity rating of 10.
The vulnerability allows unauthenticated remote code execution. Any Java application that uses Log4j can be hacked; that is, anything lower than the recently patched version of Log4j, which is 2.16.
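Since the affected range is defined purely by the log4j-core version, the first thing a defender wants is a quick inventory check. The script below is an added example (not code from the original post) that classifies log4j-core jar files by version using only the ranges stated above: 2.0 to 2.14.1 affected, anything below the 2.16 fix still unpatched. It assumes the Maven-style file naming `log4j-core-<version>.jar`; the jar names in `SAMPLE_JARS` are constructed for the demonstration.

```python
import re
from pathlib import Path

# Assumption (not from the post): jars follow the Maven naming log4j-core-<version>.jar
JAR_RE = re.compile(r"^log4j-core-(\d+(?:\.\d+)*)\.jar$")

# Version boundaries exactly as the post states them
AFFECTED_LOW = (2, 0, 0)     # first affected release, 2.0
AFFECTED_HIGH = (2, 14, 1)   # last release in the stated affected range
PATCHED = (2, 16, 0)         # "recently patched version", 2.16


def parse_version(text):
    """Turn '2.14.1' into a zero-padded (major, minor, patch) tuple for comparison."""
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))


def classify(version):
    """Map a log4j-core version string onto the post's risk categories."""
    v = parse_version(version)
    if v[0] != 2:
        # Log4j 1.x is outside the range the post describes; report it separately
        return "not-in-stated-range"
    if AFFECTED_LOW <= v <= AFFECTED_HIGH:
        return "vulnerable"
    if v < PATCHED:
        # 2.15.x: above the stated affected range but still below the 2.16 fix
        return "below-patched-release"
    return "patched"


def scan_jar_names(names):
    """Classify every log4j-core jar in an iterable of file names; other files are ignored."""
    results = {}
    for name in names:
        m = JAR_RE.match(Path(name).name)
        if m:
            results[name] = classify(m.group(1))
    return results


def scan_directory(root):
    """Walk a real directory tree and classify the log4j-core jars found in it."""
    return scan_jar_names(str(p) for p in Path(root).rglob("log4j-core-*.jar"))


# Constructed sample inventory for the demonstration (not real deployment data)
SAMPLE_JARS = [
    "app1/lib/log4j-core-2.14.1.jar",
    "app2/lib/log4j-core-2.0.jar",
    "app3/lib/log4j-core-2.15.0.jar",
    "app4/lib/log4j-core-2.16.0.jar",
    "legacy/lib/log4j-1.2.17.jar",      # does not match the log4j-core pattern
    "app5/lib/log4j-api-2.14.1.jar",    # the API jar alone is not what the post flags
]

if __name__ == "__main__":
    for jar, status in scan_jar_names(SAMPLE_JARS).items():
        print(f"{status:24} {jar}")
```

Run it as-is to see the sample classification, or call `scan_directory("/path/to/deployments")` against a real tree. The check deliberately keys on log4j-core only, because that is the artifact containing the logging engine whose version the post describes.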
This has actually resulted in enterprises racing to patch their Log4j versions and deploy the newest version. In the next blog, we will see how we can exploit the Log4j vulnerability.
Stay tuned!

