Everything you need to know about Log4shell
(and how to mitigate it)
How to identify log4shell vulnerabilities with SecureStack
SecureStack is the only solution that helps you detect log4j vulnerabilities in your source code AND in your running web applications! That’s right, with one tool you can address log4shell holistically across your SDLC. Check out the video to see how easy it is!
What versions of log4j are vulnerable?
Contrary to what many websites are saying both log4j version 1 (log4j) and version 2 (log4j-core) *are* affected. Maven Central has a great map of what versions of log4j are vulnerable to log4shell and by which CVE. For log4j version 1.x you can find the Maven map here and for log4j version 2.x you can find the Maven map here.
if you need help finding which versions are vulnerable you can scan your web applications and your java source code to see if they are vulnerable. Sign up for a free account at https://app.securestack.com
What CVE’s are involved?
There are five CVE’s involved: