The developers of Log4j have patched another remote code execution (RCE) vulnerability affecting the widely used logging utility. The original flaw, CVE-2021-44228, also known as Log4Shell, was detected in late November and has been exploited in several attacks since early December.
The latest vulnerability, tracked as CVE-2021-44832, has been patched with the release of Log4j 2.17.1, 2.3.2 and 2.12.4. The fix was released on December 28, just one day after it was reported to the developers. The vulnerability has been assigned a severity rating of “moderate” with a CVSS score of 6.6, but it’s not uncommon for the severity ratings assigned to Log4j issues to change.
Read More: Securityweek