Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Apache Log4j utility zero-day RCE exploit

Started by zappaDPJ, December 11, 2021, 12:39:32 PM

Previous topic - Next topic


QuoteA zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).

This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest version can already be found on the Log4j download page.

This may well have repercussions for anyone running Sphinx, Elasticsearch or anything else that comes bundled with Apache Log4j 2.