Introducing FOSSA's new business tier — easy-to-use open source and SBOM management with added pricing flexibility. Learn More

Log4J Vulnerability “Log4Shell” Resource Center

Apache Log4J, the popular java open source logging library, was plagued by a series of vulnerabilities over the course of several weeks in December 2021. The most serious was CVE-2021-44228, a remote code execution vulnerability with a CVSS score of 10, the maximum severity rating possible.

On this page, you’ll find resources from FOSSA’s security engineering team to help your organization detect, remove, and upgrade vulnerable versions of Log4J.

You can now use FOSSA's free CLI to detect Log4J vulnerabilities in your code. Simply download our CLI and run fossa log4j in your project root directory.
View Docs

Watch a live demo of the vulnerability being exploited and see how you can use FOSSA’s free CLI to identify if you’re using potentially vulnerable dependencies

This handy cheatsheet offers step-by-step guidance to detect, remove, upgrade, and disable vulnerable Log4J components.
Download Now
Log4Shell Remedation Guide