Log4Shell

Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability—its existence not noticed since 2013—was privately disclosed to The Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of the Alibaba's Cloud Security Team on 24 November 2021, and was publicly disclosed on 9 December 2021. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. It is estimated that the exploit affects hundreds of millions of devices and is very simple to execute.


Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability—its existence not noticed since 2013—was privately disclosed to The Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of the Alibaba's Cloud Security Team on 24 November 2021, and was publicly disclosed on 9 December 2021. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. It is estimated that the exploit affects hundreds of millions of devices and is very simple to execute.
Read article on Wikipedia