Log4J Vulnerability “Log4Shell” Resource Center

Apache Log4J, the popular open-source Java logging library, was plagued by a series of vulnerabilities over the course of several weeks in December 2021. The most serious was CVE-2021-44228, a remote code execution vulnerability with a CVSS score of 10, the maximum severity rating possible.

On this page, you’ll find resources from FOSSA’s security engineering team to help your organization detect, remove, and upgrade vulnerable versions of Log4J.

You can now use FOSSA's free CLI to detect Log4J vulnerabilities in your code. Simply download our CLI and run `fossa log4j` in your project root directory.


# download `fossa-cli` and run a scan in your terminal
curl -LH 'Cache-Control: no-cache' https://git.io/vpagT | bash
# from your project root directory, scan for Log4J
fossa log4j

Watch a live demo of the vulnerability being exploited and see how you can use FOSSA’s free CLI to identify whether you’re using potentially vulnerable dependencies.