Log4j Log4Shell Vulnerability: All You Need To Know

Log4j Log4Shell Vulnerability: All You Need To Know

Dec 15, 2021

On December 9, 2021, a researcher from the Alibaba Cloud Security Team dropped a zero-day remote code execution exploit on Twitter, targeting the extremely popular log4j logging framework for Java. read more on our blog: https://jfrog.com/blog/log4shell-0-day-vulnerability-all-you-need-to-know/

Since then, the trivially exploitable (weaponized PoCs are available publicly) and extremely popular library has reportedly been massively exploited and has gotten wide coverage on media and social networks.

Join JFrog’s Senior Director Security Research expert Shachar Menashe as he discusses:

  • What is the Log4Shell vulnerability in Log4j and why is it so critical?
  • Under what conditions can the vulnerability be exploited?
  • Mitigation options, including available solutions when a software upgrade is not feasible
  • How to efficiently detect the Log4Shell vulnerability in your software artifacts using JFrog Xray

Start with JFrog Xray for FREE : https://jfrog.com/start-free/