Skip to content

Instantly share code, notes, and snippets.

@magnologan

magnologan/log4j.md

Forked from noperator/log4j.md
Created December 15, 2021 19:49
Show Gist options
  • Save magnologan/d38f6be7da41eceab96e1f6fddf16a78 to your computer and use it in GitHub Desktop.
Save magnologan/d38f6be7da41eceab96e1f6fddf16a78 to your computer and use it in GitHub Desktop.
Download ZIP
Emerging threat details on CVE-2021-44228 in Apache Log4j
Raw
log4j.md

Update: Please see Bishop Fox's rapid response post Log4j Vulnerability: Impact Analysis for latest updates about this vulnerability.

Technologies using Apache Log4j

The Cosmos 🌌 team at Bishop Fox 🦊 is currently researching open-source projects that appear to use Log4j by default.

  • Apache Druid
  • Apache Dubbo
  • Apache Flink
  • Apache Flume
  • Apache Hadoop
  • Apache Kafka
  • Apache Solr
  • Apache Spark
  • Apache Struts
  • Apache Tapestry
  • Apache Wicket
  • Elastic Elasticsearch
  • Elastic Logstash
  • Ghidra
  • Grails
  • Minecraft

The following projects don't appear to use Log4j by default, though they may optionally be configured to use it.

  • Apache Tomcat
  • Dropwizard
  • Elastic Kibana
  • Hibernate
  • JavaServer Faces
  • Oracle ATG Web Commerce
  • Spring Framework

Acknowledgements

Thanks to @sshell for the deep dive on this list.

See also

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment