There’s an enormous amount of software vulnerable to the Log4j bug through Java software supply chains — and administrators and security pros likely don’t even know where to look for it.

The bug, CVE-2021-44228, affects a Java logging package called log4j. It was revealed Thursday by Lunasec and on Friday by Huntress Labs, and is already being exploited, according to an alert from ...

Over 80% of Java packages stored on Maven Central Repository have Log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google's Open Source ...

One of the reasons why Log4j vulnerabilities are still lingering is because the flaw could be deeply ingrained in applications, to the extent that it might not even be clear that the Java logging ...

What Kind of Vulnerability Affects Log4j in Java? The vulnerability was in a commonly used remote logging tool called Log4j, which can be targeted by remote code execution. The tool, managed by the ...

Critical flaw in the H2 open-source Java SQL database are similar to the Log4J vulnerability, but do not pose a widespread threat. Researchers discovered a bug related to the Log4J logging library ...

The Java security specialists at Dublin-based Waratek have released a new Log4J Vulnerability Scanner and added API security to their Java Security Platform, the company announced recently. The ...

The Log4j flaw (CVE-2021-44228), commonly referred to as Log4Shell, exists in Log4j's Java Naming and Directory Interface (JNDI) function for data storage and retrieval.

COMPANY NEWS: Since the first vulnerability in the Apache Foundation’s Log4j logging tool was revealed on 10 December, three sets of fixes to the Java library have been released as additional ...

As of Tuesday the latest version of Log4j that should be in systems running Java 8 is 2.17.1. That’s the fifth vulnerability revealed since December 9th.