Log4J Vulnerability “Log4Shell” Resource Center

Apache Log4J, the popular open source Java logging library, was plagued by a series of vulnerabilities over the course of several weeks in December 2021. The most serious was CVE-2021-44228, a remote code execution vulnerability with a CVSS score of 10, the maximum severity rating possible.

On this page, you’ll find resources from FOSSA’s security engineering team to help your organization detect, remove, and upgrade vulnerable versions of Log4J.

Resources

How to Implement the CSRB’s Log4j Security Recommendations

BLOG POST

Using SBOMs for Security

ON-DEMAND WEBINAR

How to Quickly Find and Fix Log4j Vulnerabilities with FOSSA

BLOG POST

Log4j “Log4Shell” Zero-Day Vulnerability: Impact and Fixes

BLOG POST

Detecting and Fixing the New Log4j DoS Vulnerability

BLOG POST

FOSSA CLI

You can now use FOSSA's free CLI to detect Log4J vulnerabilities in your code. Simply download our CLI and run fossa log4j in your project root directory.

Live Demo

Watch a live demo of the vulnerability being exploited and see how you can use FOSSA’s free CLI to identify if you’re using potentially vulnerable dependencies.

Cheatsheet

This handy cheatsheet offers step-by-step guidance to detect, remove, upgrade, and disable vulnerable Log4J components.

Log4Shell Remediation Guide