Solidified attack surface
https://www.bleepingcomputer.com/news/security/over-30-percent-of-log4j-apps-use-a-vulnerable-version-of-the-library/
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.
Log4Shell is an unauthenticated remote code execution (RCE) flaw that allows taking complete control over systems with Log4j 2.0-beta9 and up to 2.15.0.
Solidified attack surface
Sun Dec 10, 4:16pm UTC
https://www.bleepingcomputer.com/news/security/over-30-percent-of-log4j-apps-use-a-vulnerable-version-of-the-library/
> Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.
> Log4Shell is an unauthenticated remote code execution (RCE) flaw that allows taking complete control over systems with Log4j 2.0-beta9 and up to 2.15.0.