Amazon Web Security has fixed “severe security issues” in hot patches it released last December to address Log4Shell vulnerability in Java applications and containers. Palo Alto Networks’ Unit 42 says every container in a server or cluster environment could exploit the AWS patch to take over its underlying host. Hot patches released by AWS cover stand-alone servers, Kubernetes clusters, Elastic Container Service clusters and Fargate. AWS recommends that customers who run Java applications in containers and use the hot patch or Bottlerocket update to the latest versions of software immediately.”]
Source: https://www.govinfosecurity.com/aws-log4shell-patch-has-severe-security-issues-unit-42-a-18927