This page collects WhisperX intelligence signals tagged #Log4Shell. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.
A critical security exposure has been identified in a live software project, pinpointing the use of a vulnerable version of Apache Log4j. The library `log4j-core-2.8.2.jar` is flagged with two severe vulnerabilities, including the infamous Log4Shell flaw (CVE-2021-44228) rated at the maximum CVSS score of 10.0. This fi...
A direct dependency scan has flagged the Apache Log4j library version 2.8.2 as containing two critical, actively exploitable vulnerabilities. The most severe, CVE-2021-44228, carries a maximum CVSS severity score of 10.0, indicating a flaw that is trivial to exploit and can lead to complete system compromise. The secon...
A critical security scan has flagged the Apache Log4j library version 2.6.1 as containing three severe vulnerabilities, including the infamous Log4Shell flaw with a maximum CVSS score of 10.0. This finding indicates that software projects still relying on this outdated and vulnerable version are exposed to immediate an...
A critical vulnerability in Apache Log4j 2, designated CVE-2021-44228, exposes countless systems to remote code execution. The flaw resides in the library's JNDI lookup feature, allowing attackers who can control log messages or parameters to execute arbitrary code loaded from external LDAP and other JNDI-related endpo...
A critical vulnerability, CVE-2021-45046, has been detected in the Apache Log4j library version 2.6.1. This flaw represents an incomplete fix for the previously disclosed CVE-2021-44228 (Log4Shell), meaning systems thought to be patched may still be exposed to remote code execution. The vulnerability resides specifical...
A critical vulnerability in the ubiquitous Apache Log4j logging library has been detected, exposing countless applications to potential remote code execution. The flaw, tracked as CVE-2021-44228, resides in versions 2.0-beta9 through 2.15.0, excluding specific security patches. The vulnerability is in the library's JND...
A direct project dependency on the outdated `log4j-core-2.8.2.jar` library exposes a system to two critical, actively exploitable vulnerabilities, including the infamous Log4Shell flaw with a maximum CVSS score of 10.0. This finding, surfaced by automated security scanning, indicates a severe and immediate risk of remo...
一份来自代码依赖扫描的报告揭示了关键风险:一个广泛使用的日志组件 `log4j-core-2.6.1.jar` 中同时存在三个已公开的高危漏洞,其中最高严重性评分为CVSS 10.0满分。这意味着任何仍在使用此版本库的软件项目,其系统都面临着被远程代码执行的直接威胁。漏洞利用成熟度被标记为“高”,且利用预测评分(EPSS)高达94.4%,表明攻击活动极有可能正在发生。 涉事库为Apache软件基金会的Log4j 2核心实现。报告明确指出,三个漏洞均为“直接”依赖引入。除了臭名昭著的Log4Shell(CVE-2021-44228,CVSS 10.0)外,还包括CVE-2021-45046以及一个更早的CVE-2017-5645(C...
A critical security scan reveals that the widely used Apache Log4j library version 2.6.1 contains three severe vulnerabilities, including the infamous Log4Shell flaw rated with a maximum CVSS score of 10.0. This finding indicates that systems still relying on this outdated version remain actively exposed to remote code...
一份来自 GitHub 依赖扫描的自动化报告揭示,一个广泛使用的旧版 Apache Log4j 核心库 jar 文件内嵌了三个已知的严重漏洞,其中 CVE-2021-44228(Log4Shell)的 CVSS 评分高达满分 10.0。该漏洞的利用成熟度被评估为“高”,且 EPSS(漏洞被利用概率评分)高达 94.4%,表明其被主动利用的风险极高。这份报告直接指向项目依赖文件 `/pom.xml` 中引用的 `log4j-core-2.6.1.jar`,意味着任何仍在使用此版本的项目都暴露在远程代码执行的严重威胁之下。 报告详细列出了三个漏洞:除了臭名昭著的 Log4Shell (CVE-2021-44228),还包括 CVE-2...
A critical, actively exploitable vulnerability has been detected within a software project's core dependencies. The flaw, identified as CVE-2021-44228, resides in the Apache Log4j library version 2.6.1, a ubiquitous logging component used across millions of applications worldwide. This is not a theoretical threat; the ...
A critical vulnerability, CVE-2021-45046, has been detected in the Apache Log4j library version 2.8.2. This flaw represents a severe failure of the initial patch for the infamous Log4Shell vulnerability (CVE-2021-44228), leaving systems that were thought to be patched still dangerously exposed. The incomplete fix in ve...
A critical vulnerability in the ubiquitous Apache Log4j logging library has been detected, exposing countless systems to remote code execution. The flaw, tracked as CVE-2021-44228, resides in versions 2.0-beta9 through 2.15.0 (excluding specific security patches). The vulnerability allows an attacker who can control lo...
A critical, actively exploitable remote code execution vulnerability has been identified in Apache Log4j2, one of the most ubiquitous logging libraries in the Java ecosystem. Designated CVE-2021-44228, this flaw allows attackers who can control log messages or parameters to execute arbitrary code on affected systems. T...
一个关键的软件供应链警报:在广泛使用的 Apache Log4j 2.6.1 版本中发现了三个严重漏洞,其中 CVE-2021-44228 的 CVSS 风险评分达到最高的 10.0 分。该漏洞的利用成熟度被评估为“高”,且 EPSS(漏洞利用预测评分系统)评分高达 94.4%,表明其在野外被利用的可能性极高。这些漏洞存在于 `log4j-core-2.6.1.jar` 文件中,属于直接依赖,影响范围可能波及全球无数依赖此日志框架的 Java 应用程序和企业系统。 此次发现的漏洞并非孤立事件。除了臭名昭著的 Log4Shell (CVE-2021-44228) 外,该版本还包含另外两个高危漏洞:CVE-2017-5645(CVSS...
A critical vulnerability in the ubiquitous Apache Log4j logging library has been disclosed, posing a severe and immediate risk of remote code execution across countless applications and services. Designated CVE-2021-44228, the flaw resides in versions 2.0-beta9 through 2.15.0, excluding specific security patches. The v...
A critical vulnerability, CVE-2021-45046, has been detected in the `log4j-core-2.8.2.jar` library. This finding reveals that the original patch for the infamous Log4Shell flaw (CVE-2021-44228) was incomplete, leaving systems vulnerable under specific, non-default logging configurations. The flaw resides in Apache's wid...
A critical vulnerability, CVE-2021-45046, has been detected in the widely used Apache Log4j logging library, specifically in version 2.6.1. This is not a new flaw but a dangerous revelation that the original emergency patch for the infamous Log4Shell vulnerability (CVE-2021-44228) was incomplete. The incomplete fix in ...
A critical security scan has exposed a foundational library within a key management service, revealing a staggering 80 distinct vulnerabilities. The most severe flaw carries a maximum CVSS severity score of 9.8, indicating a critical risk of remote code execution or system compromise. This vulnerable component, `kernel...
一份来自 GitHub 依赖扫描的报告显示,一个仍在使用的旧版本 Apache Log4j 库(log4j-core-2.6.1.jar)内嵌了三个已知高危漏洞,其中 CVE-2021-44228 的 CVSS 评分高达 10.0 分,且漏洞利用成熟度被评估为“高”。该漏洞即臭名昭著的 Log4Shell,允许攻击者通过日志消息远程执行任意代码,曾引发全球性安全危机。报告同时指出,该库还包含 CVE-2017-5645(CVSS 9.8 分)等历史漏洞,表明相关项目或系统长期未进行安全更新。 该漏洞发现于一个示例项目的依赖文件路径中(/target/classes/META-INF/maven/org.whitesource/lo...