Blog | G5 Cyber Security

Log4j 2.17.1 out now, fixes new remote code execution bug

Apache has released another Log4j version, 2.17.1, fixing a newly discovered remote code execution (RCE) vulnerability in 217.0, tracked as CVE-2021-44832. The vulnerability stems from the lack of additional controls on JDNI access in log4j. Security researcher Yaniv Nizry claimed credit for reporting the vulnerability to Apache: “Stay tuned for a blogpost 😉 pic.com/D56WpWpVsuF3” Security expert Kevin Beaumont labeled the instance another “failed Log4J disclosure in motion” during the holidays.”]

Source: https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/

Exit mobile version