{"pocs":[{"id":"1167842383","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"zaryouhashraf","full_name":"zaryouhashraf\/CVE-2021-44228","html_url":"https:\/\/github.com\/zaryouhashraf\/CVE-2021-44228","description":"CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2026-02-27 03:39:00","updated_at":"2026-02-27 04:01:40","pushed_at":"2026-02-27 04:01:36","inserted_at":"2026-02-27 10:35:58"},{"id":"1150872494","cve_id":"CVE-2021-44228","name":"log4shell-remediation","owner":"agylabs","full_name":"agylabs\/log4shell-remediation","html_url":"https:\/\/github.com\/agylabs\/log4shell-remediation","description":"Log4Shell (CVE-2021-44228) security remediation demo - Showcasing Antigravity's ability to identify and fix critical security vulnerabilities in Java applications","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2026-02-06 04:41:28","updated_at":"2026-02-06 05:31:46","pushed_at":"2026-02-06 07:57:47","inserted_at":"2026-02-06 10:35:50"},{"id":"1134537465","cve_id":"CVE-2021-44228","name":"Log4Shell-PoC","owner":"JoseMariaMicoli","full_name":"JoseMariaMicoli\/Log4Shell-PoC","html_url":"https:\/\/github.com\/JoseMariaMicoli\/Log4Shell-PoC","description":"**Log4Shell PoC is a high-fidelity exploitation environment designed to replicate the CVE-2021-44228 vulnerability.** It provides a containerized sandbox to demonstrate JNDI injection, LDAP\/RMI referral redirection, and remote code execution (RCE) via the Log4j 2 library.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2026-01-15 06:18:59","updated_at":"2026-01-15 07:34:23","pushed_at":"2026-01-15 07:34:19","inserted_at":"2026-01-15 10:35:40"},{"id":"1116409915","cve_id":"CVE-2021-44228","name":"Log4j-Vulnerability","owner":"Loliverte","full_name":"Loliverte\/Log4j-Vulnerability","html_url":"https:\/\/github.com\/Loliverte\/Log4j-Vulnerability","description":"\u00c9tude technique et mise en \u0153uvre d'un environnement de test pour la faille Apache Log4j (CVE-2021-44228). Contient un Proof of Concept (PoC) Dockeris\u00e9 et une proposition de mise \u00e0 jour de PSSI. Pour un objectif de TP ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-12-15 04:57:59","updated_at":"2025-12-15 05:06:42","pushed_at":"2025-12-15 05:06:39","inserted_at":"2025-12-15 10:35:32"},{"id":"1110764889","cve_id":"CVE-2021-44228","name":"Log4Shell-CVE-2021-44228","owner":"DrHaitham","full_name":"DrHaitham\/Log4Shell-CVE-2021-44228","html_url":"https:\/\/github.com\/DrHaitham\/Log4Shell-CVE-2021-44228","description":"Hands-on lab for exploiting and understanding Log4Shell (CVE-2021-44228) using Docker, Kali Linux, Burp Suite and log4j-shell-poc. For teaching and defensive training in controlled lab environments only.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-12-06 02:25:39","updated_at":"2025-12-06 02:29:16","pushed_at":"2025-12-06 02:29:12","inserted_at":"2025-12-06 04:35:23"},{"id":"1098891132","cve_id":"CVE-2021-44228","name":"CVE-2021-44228---Log4Shell-Analysis","owner":"PCMKUIT","full_name":"PCMKUIT\/CVE-2021-44228---Log4Shell-Analysis","html_url":"https:\/\/github.com\/PCMKUIT\/CVE-2021-44228---Log4Shell-Analysis","description":"Technical deep dive into Apache Log4j2 JNDI injection vulnerability. Features static code analysis, patch comparison, attack vectors (LDAP\/RMI\/DNS), and enterprise mitigation guidance.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-11-18 18:26:42","updated_at":"2025-11-18 18:32:02","pushed_at":"2025-11-18 18:31:59","inserted_at":"2025-11-18 22:35:18"},{"id":"1097743132","cve_id":"CVE-2021-44228","name":"Log4Shell","owner":"mgueye3","full_name":"mgueye3\/Log4Shell","html_url":"https:\/\/github.com\/mgueye3\/Log4Shell","description":"This repository contains my work for a cybersecurity assignment where I exploited the real-world Log4Shell (CVE-2021-44228) vulnerability inside a safe, controlled virtual machine. The project followed a Capture-the-Flag format with multiple exploitation tasks to retrieve hidden flags.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-11-17 03:41:14","updated_at":"2025-11-17 03:43:47","pushed_at":"2025-11-17 03:43:44","inserted_at":"2025-11-17 10:35:15"},{"id":"1090388188","cve_id":"CVE-2021-44228","name":"Blackash-CVE-2021-44228","owner":"B1ack4sh","full_name":"B1ack4sh\/Blackash-CVE-2021-44228","html_url":"https:\/\/github.com\/B1ack4sh\/Blackash-CVE-2021-44228","description":"CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-11-06 00:47:47","updated_at":"2025-11-06 01:07:13","pushed_at":"2025-11-06 01:07:09","inserted_at":"2025-11-06 04:35:10"},{"id":"1084827717","cve_id":"CVE-2021-44228","name":"log4j2-bugmaker","owner":"Mintimate","full_name":"Mintimate\/log4j2-bugmaker","html_url":"https:\/\/github.com\/Mintimate\/log4j2-bugmaker","description":"Demo of CVE-2021-44228 Log4Shell.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-10-28 17:07:49","updated_at":"2025-10-28 17:10:51","pushed_at":"2025-10-28 17:10:48","inserted_at":"2025-10-29 04:35:07"},{"id":"1066448369","cve_id":"CVE-2021-44228","name":"log4shell","owner":"arabindadora","full_name":"arabindadora\/log4shell","html_url":"https:\/\/github.com\/arabindadora\/log4shell","description":"Log4Shell (CVE-2021-44228) PoC","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-09-29 22:53:19","updated_at":"2025-09-29 22:57:44","pushed_at":"2025-09-29 22:56:56","inserted_at":"2025-09-30 04:36:56"},{"id":"1065265366","cve_id":"CVE-2021-44228","name":"Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device","owner":"KamalideenAK","full_name":"KamalideenAK\/Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device","html_url":"https:\/\/github.com\/KamalideenAK\/Microsoft-Defender-for-Endpoint-Deployment-on-Windows-10-11-device","description":"This repository documents how deployment of Microsoft Defender for Endpoint on a Windows 11 device, including onboarding via local script, enabling device discovery, configuring Log4j2 detection (CVE-2021-44228), and validating incident response workflows.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-09-27 20:26:58","updated_at":"2025-09-27 21:20:23","pushed_at":"2025-09-27 21:20:20","inserted_at":"2025-09-27 22:36:48"},{"id":"1053557793","cve_id":"CVE-2021-44228","name":"Log4Shell","owner":"moften","full_name":"moften\/Log4Shell","html_url":"https:\/\/github.com\/moften\/Log4Shell","description":"Log4Shell CVE-2021-44228 PoC ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-09-10 00:59:25","updated_at":"2025-09-10 01:00:56","pushed_at":"2025-09-10 01:00:53","inserted_at":"2025-09-10 04:36:39"},{"id":"1031534389","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"Sorrence","full_name":"Sorrence\/CVE-2021-44228","html_url":"https:\/\/github.com\/Sorrence\/CVE-2021-44228","description":"A simple Log4j PoC written by Go","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-08-04 09:10:15","updated_at":"2025-08-04 09:16:52","pushed_at":"2025-08-04 09:16:49","inserted_at":"2025-08-04 10:36:24"},{"id":"1017646191","cve_id":"CVE-2021-44228","name":"hka-seminar-log4shell","owner":"fabioeletto","full_name":"fabioeletto\/hka-seminar-log4shell","html_url":"https:\/\/github.com\/fabioeletto\/hka-seminar-log4shell","description":"Praktische Demonstration der Log4Shell-Sicherheitsl\u00fccke (CVE-2021-44228)","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-07-11 06:42:08","updated_at":"2025-07-11 06:43:04","pushed_at":"2025-07-11 06:43:01","inserted_at":"2025-07-11 10:36:14"},{"id":"1005965210","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-Log4j-JNDI","owner":"x1ongsec","full_name":"x1ongsec\/CVE-2021-44228-Log4j-JNDI","html_url":"https:\/\/github.com\/x1ongsec\/CVE-2021-44228-Log4j-JNDI","description":"CVE-2021-44228 Vulnerability Reproduction Environment CVE-2021-44228 \u6f0f\u6d1e\u590d\u73b0\u73af\u5883","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-06-21 16:23:15","updated_at":"2025-06-21 16:44:48","pushed_at":"2025-06-21 16:44:44","inserted_at":"2025-06-21 22:36:10"},{"id":"991060283","cve_id":"CVE-2021-44228","name":"log4shell-homework9","owner":"SerpilRivas","full_name":"SerpilRivas\/log4shell-homework9","html_url":"https:\/\/github.com\/SerpilRivas\/log4shell-homework9","description":"Log4Shell (CVE-2021-44228) exploit demo for SEAS 8405. Includes a vulnerable Spring Boot app, fake LDAP server, Docker setup, MITRE mapping, incident response, and a full screen recording.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-05-27 13:23:26","updated_at":"2025-05-27 13:31:09","pushed_at":"2025-05-27 13:31:05","inserted_at":"2025-05-27 16:35:55"},{"id":"979875144","cve_id":"CVE-2021-44228","name":"Log4j-_Vulnerability","owner":"Fauzan-Aldi","full_name":"Fauzan-Aldi\/Log4j-_Vulnerability","html_url":"https:\/\/github.com\/Fauzan-Aldi\/Log4j-_Vulnerability","description":"The Web Is Vulnerable to CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-05-08 16:52:54","updated_at":"2025-05-08 16:58:11","pushed_at":"2025-05-08 16:58:08","inserted_at":"2025-05-08 22:36:02"},{"id":"979194246","cve_id":"CVE-2021-44228","name":"log4j-remediation-tools","owner":"separatecalo","full_name":"separatecalo\/log4j-remediation-tools","html_url":"https:\/\/github.com\/separatecalo\/log4j-remediation-tools","description":"Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228) log4j2, remediation, tools","stargazers_count":"55","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-05-07 15:26:50","updated_at":"2025-05-07 19:26:08","pushed_at":"2025-05-07 15:26:52","inserted_at":"2025-05-07 22:35:46"},{"id":"966309154","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-Log4Shell-","owner":"khaidtraivch","full_name":"khaidtraivch\/CVE-2021-44228-Log4Shell-","html_url":"https:\/\/github.com\/khaidtraivch\/CVE-2021-44228-Log4Shell-","description":"Ki\u1ec3m th\u1eed x\u00e2m nh\u1eadp ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-04-15 03:14:49","updated_at":"2025-04-15 03:17:33","pushed_at":"2025-04-15 03:17:29","inserted_at":"2025-04-15 04:35:38"},{"id":"946977506","cve_id":"CVE-2021-44228","name":"Log4shell","owner":"chihyeonwon","full_name":"chihyeonwon\/Log4shell","html_url":"https:\/\/github.com\/chihyeonwon\/Log4shell","description":"CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-03-12 10:01:47","updated_at":"2025-03-12 10:08:29","pushed_at":"2025-03-12 10:08:26","inserted_at":"2025-03-12 16:35:25"},{"id":"946203436","cve_id":"CVE-2021-44228","name":"log4shell-tools","owner":"surprisedmo","full_name":"surprisedmo\/log4shell-tools","html_url":"https:\/\/github.com\/surprisedmo\/log4shell-tools","description":"Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-03-11 04:19:14","updated_at":"2025-03-11 04:19:26","pushed_at":"2025-03-11 04:19:23","inserted_at":"2025-03-11 10:35:24"},{"id":"942606741","cve_id":"CVE-2021-44228","name":"log4shell-tools","owner":"lustrouscave","full_name":"lustrouscave\/log4shell-tools","html_url":"https:\/\/github.com\/lustrouscave\/log4shell-tools","description":"Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-03-04 20:23:43","updated_at":"2025-03-04 20:23:52","pushed_at":"2025-03-04 20:23:48","inserted_at":"2025-03-04 22:35:21"},{"id":"939549909","cve_id":"CVE-2021-44228","name":"log4shell-tools","owner":"blackmidnig","full_name":"blackmidnig\/log4shell-tools","html_url":"https:\/\/github.com\/blackmidnig\/log4shell-tools","description":"Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046 cve-2021-44228, cve-2021-45046, dns, jndi, ldap, log4j, log4shell","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-02-27 03:08:09","updated_at":"2025-02-27 03:08:21","pushed_at":"2025-02-27 03:08:15","inserted_at":"2025-02-27 04:35:20"},{"id":"934037658","cve_id":"CVE-2021-44228","name":"Log4Shell-vulnerability-CVE-2021-44228-","owner":"yadavmukesh","full_name":"yadavmukesh\/Log4Shell-vulnerability-CVE-2021-44228-","html_url":"https:\/\/github.com\/yadavmukesh\/Log4Shell-vulnerability-CVE-2021-44228-","description":"This repository provides an in-depth analysis of the Log4Shell vulnerability (CVE-2021-44228) and implements a machine learning-based approach to detect exploitation attempts in log data.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-02-17 16:03:36","updated_at":"2025-02-17 17:14:51","pushed_at":"2025-02-17 17:14:47","inserted_at":"2025-02-17 22:35:15"},{"id":"919340293","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"ZacharyZcR","full_name":"ZacharyZcR\/CVE-2021-44228","html_url":"https:\/\/github.com\/ZacharyZcR\/CVE-2021-44228","description":"\u8c03\u8bd5\u73af\u5883","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2025-01-20 17:04:01","updated_at":"2025-01-20 17:05:13","pushed_at":"2025-01-20 17:05:11","inserted_at":"2025-01-20 22:35:05"},{"id":"888768773","cve_id":"CVE-2021-44228","name":"cve-2021-44228","owner":"Super-Binary","full_name":"Super-Binary\/cve-2021-44228","html_url":"https:\/\/github.com\/Super-Binary\/cve-2021-44228","description":"\u8fd9\u662f\u5b89\u5fbd\u5927\u5b66 \u201c\u6f0f\u6d1e\u5206\u6790\u5b9e\u9a8c\u201d\uff08\u5927\u4e09\u79cb\u51ac\uff09\u671f\u4e2d\u4f5c\u4e1a\u5f52\u6863\u3002\u5b8c\u6574\u6587\u6863\u4f4d\u4e8ehttps:\/\/testgames.me\/2024\/11\/10\/cve-2021-44228\/","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-11-15 10:11:25","updated_at":"2024-11-15 10:18:44","pushed_at":"2024-11-15 10:18:40","inserted_at":"2024-11-15 16:35:08"},{"id":"886209908","cve_id":"CVE-2021-44228","name":"-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-","owner":"AhmedMansour93","full_name":"AhmedMansour93\/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-","html_url":"https:\/\/github.com\/AhmedMansour93\/-Unveiling-the-Lessons-from-Log4Shell-A-Wake-Up-Call-for-Cybersecurity-","description":"In December 2021, the world of cybersecurity was shaken by the discovery of the Log4Shell vulnerability (CVE-2021-44228), embedded within the widely-used Apache Log4j library. With a CVSS score of 10","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-11-10 22:45:59","updated_at":"2024-11-10 22:47:01","pushed_at":"2024-11-10 22:46:58","inserted_at":"2024-11-11 04:35:05"},{"id":"869690102","cve_id":"CVE-2021-44228","name":"TPASLog4ShellPoC","owner":"Carlos-Mesquita","full_name":"Carlos-Mesquita\/TPASLog4ShellPoC","html_url":"https:\/\/github.com\/Carlos-Mesquita\/TPASLog4ShellPoC","description":"Proof of Concept (PoC) for the Log4Shell vulnerability (CVE-2021-44228), developed as part of the coursework for the curricular unit TPAS in the Master's degree in Information Security at FCUP.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-10-09 03:07:21","updated_at":"2024-10-09 03:07:26","pushed_at":"2024-10-09 03:07:22","inserted_at":"2024-10-09 04:35:17"},{"id":"855573158","cve_id":"CVE-2021-44228","name":"log4j-shell-poc","owner":"safeer-accuknox","full_name":"safeer-accuknox\/log4j-shell-poc","html_url":"https:\/\/github.com\/safeer-accuknox\/log4j-shell-poc","description":"Log4J exploit CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-09-11 14:06:50","updated_at":"2024-09-11 14:12:39","pushed_at":"2024-09-11 14:12:36","inserted_at":"2024-09-11 16:41:08"},{"id":"834267924","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"asd58584388","full_name":"asd58584388\/CVE-2021-44228","html_url":"https:\/\/github.com\/asd58584388\/CVE-2021-44228","description":"CVE-2021-44228 vulnerability study","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-07-27 04:59:47","updated_at":"2024-07-27 05:57:53","pushed_at":"2024-07-27 05:57:47","inserted_at":"2024-07-27 10:40:30"},{"id":"812482563","cve_id":"CVE-2021-44228","name":"Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment","owner":"tadash10","full_name":"tadash10\/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment","html_url":"https:\/\/github.com\/tadash10\/Exploiting-CVE-2021-44228-Log4Shell-in-a-Banking-Environment","description":"Objective: Demonstrate the exploitation of the Log4Shell vulnerability (CVE-2021-44228) within a simulated banking application environment.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-06-09 11:49:42","updated_at":"2024-06-09 12:06:16","pushed_at":"2024-06-09 12:06:13","inserted_at":"2024-06-09 16:39:50"},{"id":"807502120","cve_id":"CVE-2021-44228","name":"Log4Shell-PoC-Application","owner":"NikitaPark","full_name":"NikitaPark\/Log4Shell-PoC-Application","html_url":"https:\/\/github.com\/NikitaPark\/Log4Shell-PoC-Application","description":"Log4Shell (CVE-2021-44228) PoC Application","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-05-29 17:16:25","updated_at":"2025-06-03 00:11:30","pushed_at":"2024-10-10 23:40:00","inserted_at":"2025-06-03 04:35:58"},{"id":"777920527","cve_id":"CVE-2021-44228","name":"Wireshark","owner":"KirkDJohnson","full_name":"KirkDJohnson\/Wireshark","html_url":"https:\/\/github.com\/KirkDJohnson\/Wireshark","description":"Downloaded a packet capture (.pcapng) file from malware-traffic-analysis.net which was an example of an attempted attack against a webserver using the Log4J vulnerability (CVE-2021-44228). I examined teh amount of endpoints communicating with the server and knowing jnidi as a common in the vulnerbilty found it in clear text","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-03-27 03:47:20","updated_at":"2024-03-27 03:47:20","pushed_at":"2024-03-27 06:40:00","inserted_at":"2024-03-27 10:38:51"},{"id":"776289709","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-POC","owner":"sec13b","full_name":"sec13b\/CVE-2021-44228-POC","html_url":"https:\/\/github.com\/sec13b\/CVE-2021-44228-POC","description":"exploit CVE-2021-44228 ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-03-23 14:03:44","updated_at":"2024-03-23 14:06:40","pushed_at":"2024-03-23 14:11:31","inserted_at":"2024-03-23 16:38:47"},{"id":"772721921","cve_id":"CVE-2021-44228","name":"l4s-vulnapp","owner":"KtokKawu","full_name":"KtokKawu\/l4s-vulnapp","html_url":"https:\/\/github.com\/KtokKawu\/l4s-vulnapp","description":"This is a potentially vulnerable Java web application containing Log4j affected by log4shell(CVE-2021-44228).","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-03-16 03:57:11","updated_at":"2024-03-16 04:37:44","pushed_at":"2024-03-16 04:37:40","inserted_at":"2024-03-16 10:38:43"},{"id":"758729996","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"ItsCbass","full_name":"ItsCbass\/CVE-2021-44228","html_url":"https:\/\/github.com\/ItsCbass\/CVE-2021-44228","description":"Log4Shell CVE Analysis","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2024-02-17 08:54:32","updated_at":"2024-02-17 08:54:33","pushed_at":"2024-02-17 08:54:53","inserted_at":"2024-02-17 10:38:19"},{"id":"736198962","cve_id":"CVE-2021-44228","name":"l4j-fp1","owner":"scabench","full_name":"scabench\/l4j-fp1","html_url":"https:\/\/github.com\/scabench\/l4j-fp1","description":"jee web project with sanitised log4shell (CVE-2021-44228) vulnerability","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-12-27 17:49:38","updated_at":"2023-12-28 07:59:37","pushed_at":"2023-12-28 08:59:19","inserted_at":"2023-12-28 10:37:40"},{"id":"732890890","cve_id":"CVE-2021-44228","name":"l4j-tp1","owner":"scabench","full_name":"scabench\/l4j-tp1","html_url":"https:\/\/github.com\/scabench\/l4j-tp1","description":"jee web project with log4shell (CVE-2021-44228) vulnerability","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-12-18 14:07:59","updated_at":"2023-12-28 07:59:23","pushed_at":"2023-12-28 04:35:19","inserted_at":"2023-12-28 10:37:40"},{"id":"728564712","cve_id":"CVE-2021-44228","name":"CVE-Research","owner":"dcm2406","full_name":"dcm2406\/CVE-Research","html_url":"https:\/\/github.com\/dcm2406\/CVE-Research","description":"Research on CVE-2021-44228 and CVE-2023-46604","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-12-07 17:02:53","updated_at":"2023-12-07 17:02:53","pushed_at":"2023-12-07 17:02:53","inserted_at":"2023-12-07 22:37:24"},{"id":"725731160","cve_id":"CVE-2021-44228","name":"log4shell_lab","owner":"ShlomiRex","full_name":"ShlomiRex\/log4shell_lab","html_url":"https:\/\/github.com\/ShlomiRex\/log4shell_lab","description":"CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-12-01 03:55:40","updated_at":"2024-03-25 22:50:22","pushed_at":"2024-02-01 09:09:08","inserted_at":"2024-03-26 04:38:50"},{"id":"721701932","cve_id":"CVE-2021-44228","name":"log4shell-minecraft-demo","owner":"felixslama","full_name":"felixslama\/log4shell-minecraft-demo","html_url":"https:\/\/github.com\/felixslama\/log4shell-minecraft-demo","description":"Log4Shell (CVE-2021-44228) minecraft demo. Used for education fairs","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-11-22 00:45:31","updated_at":"2023-11-22 03:27:18","pushed_at":"2023-11-22 03:30:32","inserted_at":"2023-11-22 09:37:11"},{"id":"718233980","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"LucasPDiniz","full_name":"LucasPDiniz\/CVE-2021-44228","html_url":"https:\/\/github.com\/LucasPDiniz\/CVE-2021-44228","description":"Log4j Vulnerability RCE - CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-11-14 01:57:22","updated_at":"2023-11-14 02:09:40","pushed_at":"2023-11-14 02:09:18","inserted_at":"2023-11-14 09:37:05"},{"id":"709989316","cve_id":"CVE-2021-44228","name":"Odysseus","owner":"roshanshibu","full_name":"roshanshibu\/Odysseus","html_url":"https:\/\/github.com\/roshanshibu\/Odysseus","description":"A demo of the Log4Shell (CVE-2021-44228) vulnerability.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-10-26 04:27:00","updated_at":"2023-11-16 19:24:42","pushed_at":"2023-11-14 22:50:53","inserted_at":"2023-11-17 03:37:07"},{"id":"701169649","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"Tai-e","full_name":"Tai-e\/CVE-2021-44228","html_url":"https:\/\/github.com\/Tai-e\/CVE-2021-44228","description":"Utilize Tai-e to identify the Log4shell (a.k.a. CVE-2021-44228) Vulnerability","stargazers_count":"2","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-10-06 13:36:31","updated_at":"2023-10-06 19:00:00","pushed_at":"2023-10-06 18:30:27","inserted_at":"2023-10-07 03:36:33"},{"id":"660080340","cve_id":"CVE-2021-44228","name":"PY-Log4j-RCE-Scanner","owner":"MrHarshvardhan","full_name":"MrHarshvardhan\/PY-Log4j-RCE-Scanner","html_url":"https:\/\/github.com\/MrHarshvardhan\/PY-Log4j-RCE-Scanner","description":"Using this tool, you can scan for remote command execution vulnerability CVE-2021-44228 on Apache Log4j at multiple addresses.","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-06-29 16:46:40","updated_at":"2023-06-29 17:22:10","pushed_at":"2023-06-29 17:14:23","inserted_at":"2023-06-30 03:35:12"},{"id":"628273977","cve_id":"CVE-2021-44228","name":"log4j-exploit-with-fork-bomb","owner":"funcid","full_name":"funcid\/log4j-exploit-with-fork-bomb","html_url":"https:\/\/github.com\/funcid\/log4j-exploit-with-fork-bomb","description":"\ud83d\udca3\ud83d\udca5\ud83d\udc80 \u041f\u0440\u0438\u043c\u0435\u0440 \u0437\u0430\u043f\u0443\u0441\u043a\u0430 fork-\u0431\u043e\u043c\u0431\u044b \u043d\u0430 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e\u043c \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-04-15 21:47:39","updated_at":"2023-04-16 20:04:02","pushed_at":"2023-04-15 21:47:41","inserted_at":"2023-04-17 03:36:17"},{"id":"622718899","cve_id":"CVE-2021-44228","name":"Log4ShellRemediation","owner":"demonrvm","full_name":"demonrvm\/Log4ShellRemediation","html_url":"https:\/\/github.com\/demonrvm\/Log4ShellRemediation","description":"A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-04-03 08:03:28","updated_at":"2023-04-03 08:12:42","pushed_at":"2023-04-03 08:12:38","inserted_at":"2023-04-03 09:36:06"},{"id":"616502386","cve_id":"CVE-2021-44228","name":"log4shell-vulnweb","owner":"github-kyruuu","full_name":"github-kyruuu\/log4shell-vulnweb","html_url":"https:\/\/github.com\/github-kyruuu\/log4shell-vulnweb","description":"this web is vulnerable against CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-03-20 23:09:30","updated_at":"2023-03-20 23:10:18","pushed_at":"2023-03-20 23:09:35","inserted_at":"2023-03-21 09:35:56"},{"id":"616448829","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"heeloo123","full_name":"heeloo123\/CVE-2021-44228","html_url":"https:\/\/github.com\/heeloo123\/CVE-2021-44228","description":"CVE-2021-44228 ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-03-20 21:13:13","updated_at":"2023-03-20 21:13:13","pushed_at":"2023-03-20 21:14:14","inserted_at":"2023-03-21 03:35:55"},{"id":"614031542","cve_id":"CVE-2021-44228","name":"Log4j-PoC","owner":"Sma-Das","full_name":"Sma-Das\/Log4j-PoC","html_url":"https:\/\/github.com\/Sma-Das\/Log4j-PoC","description":"An educational Proof of Concept for the Log4j Vulnerability (CVE-2021-44228) in Minecraft","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-03-15 03:49:36","updated_at":"2023-03-15 03:51:09","pushed_at":"2023-03-15 03:50:34","inserted_at":"2023-03-17 09:35:52"},{"id":"607760280","cve_id":"CVE-2021-44228","name":"log4j_poc","owner":"sn0wm4ker","full_name":"sn0wm4ker\/log4j_poc","html_url":"https:\/\/github.com\/sn0wm4ker\/log4j_poc","description":"PoC of CVE-2021-44228 , log4j","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-03-01 01:12:57","updated_at":"2023-03-01 19:06:21","pushed_at":"2023-03-01 19:04:05","inserted_at":"2023-03-01 21:35:40"},{"id":"599082211","cve_id":"CVE-2021-44228","name":"Log4Shell-CVE-2021-44228-PoC","owner":"pierpaolosestito-dev","full_name":"pierpaolosestito-dev\/Log4Shell-CVE-2021-44228-PoC","html_url":"https:\/\/github.com\/pierpaolosestito-dev\/Log4Shell-CVE-2021-44228-PoC","description":"CVE 2021-44228 Proof-of-Concept. Log4Shell is an attack against Servers that uses vulnerable versions of Log4J. ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-02-08 21:19:32","updated_at":"2023-02-09 23:10:19","pushed_at":"2023-02-08 21:20:31","inserted_at":"2023-02-10 09:35:25"},{"id":"595794114","cve_id":"CVE-2021-44228","name":"Log4j-Vulnerability","owner":"demining","full_name":"demining\/Log4j-Vulnerability","html_url":"https:\/\/github.com\/demining\/Log4j-Vulnerability","description":"Vulnerability CVE-2021-44228 allows remote code execution without authentication for several versions of Apache Log4j2 (Log4Shell). Attackers can exploit vulnerable servers by connecting over any protocol, such as HTTPS, and sending a specially crafted string.","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2023-02-01 05:29:26","updated_at":"2023-02-01 07:06:36","pushed_at":"2023-02-01 05:35:59","inserted_at":"2023-02-01 15:35:18"},{"id":"563424783","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"srcporter","full_name":"srcporter\/CVE-2021-44228","html_url":"https:\/\/github.com\/srcporter\/CVE-2021-44228","description":"DO NOT USE FOR ANYTHING REAL. Simple springboot sample app with vulnerability CVE-2021-44228 aka \"Log4Shell\" ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-11-09 00:29:42","updated_at":"2022-11-09 00:29:42","pushed_at":"2022-11-09 00:29:43","inserted_at":"2022-11-09 03:40:11"},{"id":"539674997","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-poc","owner":"bcdunbar","full_name":"bcdunbar\/CVE-2021-44228-poc","html_url":"https:\/\/github.com\/bcdunbar\/CVE-2021-44228-poc","description":"CVE-2021-44228 POC \/ Example","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-09-22 05:33:06","updated_at":"2022-09-22 05:33:06","pushed_at":"2022-09-22 05:33:07","inserted_at":"2022-09-22 09:39:32"},{"id":"539366249","cve_id":"CVE-2021-44228","name":"log4j-shell-poc","owner":"ocastel","full_name":"ocastel\/log4j-shell-poc","html_url":"https:\/\/github.com\/ocastel\/log4j-shell-poc","description":"A Proof-Of-Concept for the CVE-2021-44228 vulnerability. ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-09-21 16:43:15","updated_at":"2022-09-21 18:04:17","pushed_at":"2022-09-21 16:54:56","inserted_at":"2022-09-21 21:39:32"},{"id":"537419607","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-RCE","owner":"Administrative2022","full_name":"Administrative2022\/CVE-2021-44228-RCE","html_url":"https:\/\/github.com\/Administrative2022\/CVE-2021-44228-RCE","description":"Mass exploitation scripts for 12 software which are affected by log4j rce","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-09-16 19:59:58","updated_at":"2022-09-16 19:59:58","pushed_at":"2022-09-16 20:04:08","inserted_at":"2022-09-16 21:39:29"},{"id":"533987858","cve_id":"CVE-2021-44228","name":"Log4j-CVE-2021-44228-Remediation","owner":"digital-dev","full_name":"digital-dev\/Log4j-CVE-2021-44228-Remediation","html_url":"https:\/\/github.com\/digital-dev\/Log4j-CVE-2021-44228-Remediation","description":"This powershell script is intended to be used by anyone looking to remediate the Log4j Vulnerability within their environment. It can target multiple machines and run remotely as a job on all or only affected devices.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-09-08 09:22:57","updated_at":"2022-09-08 09:23:02","pushed_at":"2022-09-08 09:22:59","inserted_at":"2022-09-08 15:39:21"},{"id":"529025141","cve_id":"CVE-2021-44228","name":"jankybank","owner":"eurogig","full_name":"eurogig\/jankybank","html_url":"https:\/\/github.com\/eurogig\/jankybank","description":"Simple Java Front and Back end with bad log4j version featuring CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-08-26 06:35:32","updated_at":"2022-08-26 06:37:58","pushed_at":"2022-08-26 08:05:51","inserted_at":"2022-08-26 09:39:10"},{"id":"524440151","cve_id":"CVE-2021-44228","name":"autoL4s","owner":"nemesi-ita","full_name":"nemesi-ita\/autoL4s","html_url":"https:\/\/github.com\/nemesi-ita\/autoL4s","description":"Autopwn Log4Shell (CVE-2021-44228)!!!","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-08-14 00:42:27","updated_at":"2022-08-14 00:43:08","pushed_at":"2022-08-14 00:43:05","inserted_at":"2022-08-14 03:39:01"},{"id":"520582575","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"vino-theva","full_name":"vino-theva\/CVE-2021-44228","html_url":"https:\/\/github.com\/vino-theva\/CVE-2021-44228","description":"Apache Log4j is a logging tool written in Java. This paper focuses on what is Log4j and log4shell  vulnerability and how it works, how it affects the victim, and  how can this be mitigated","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-08-03 02:03:55","updated_at":"2022-08-03 02:03:55","pushed_at":"2022-08-03 02:12:13","inserted_at":"2022-08-03 09:38:52"},{"id":"515491317","cve_id":"CVE-2021-44228","name":"Ethical-Hacking-Report-Log4j","owner":"vidrez","full_name":"vidrez\/Ethical-Hacking-Report-Log4j","html_url":"https:\/\/github.com\/vidrez\/Ethical-Hacking-Report-Log4j","description":":page_with_curl: A report about CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-07-19 17:03:05","updated_at":"2022-07-19 17:27:19","pushed_at":"2022-07-19 17:08:12","inserted_at":"2022-07-19 21:38:40"},{"id":"515475941","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-Mass-RCE-Log4j","owner":"cybersecurityresearcher","full_name":"cybersecurityresearcher\/CVE-2021-44228-Mass-RCE-Log4j","html_url":"https:\/\/github.com\/cybersecurityresearcher\/CVE-2021-44228-Mass-RCE-Log4j","description":"CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL\/IP lists. ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-07-19 16:13:28","updated_at":"2022-07-19 16:16:24","pushed_at":"2022-07-19 16:14:41","inserted_at":"2022-07-19 21:38:40"},{"id":"515332940","cve_id":"CVE-2021-44228","name":"Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228","owner":"tharindudh","full_name":"tharindudh\/Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228","html_url":"https:\/\/github.com\/tharindudh\/Log4j-Vulnerability-in-Ghidra-tool-CVE-2021-44228","description":"Remote Code Execution attacks are one of the most frequent methods employed by cybercriminals to compromise susceptible computers. In the previous year, a serious zero-day vulnerability was identified in Log4j, a java program used by developers for debugging and application modification loggings. This is also a significant vulnerability that affects the so-called Ghidra reverse engineering tool.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-07-19 05:33:10","updated_at":"2022-07-19 05:33:10","pushed_at":"2022-07-19 05:33:11","inserted_at":"2022-07-19 09:38:39"},{"id":"514092288","cve_id":"CVE-2021-44228","name":"log4j-scan","owner":"bughuntar","full_name":"bughuntar\/log4j-scan","html_url":"https:\/\/github.com\/bughuntar\/log4j-scan","description":"A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-07-15 10:07:56","updated_at":"2022-07-15 10:07:56","pushed_at":"2022-07-15 10:22:17","inserted_at":"2022-07-15 15:38:36"},{"id":"502589993","cve_id":"CVE-2021-44228","name":"Log4Shell-CVE-2121-44228-Demo","owner":"ra890927","full_name":"ra890927\/Log4Shell-CVE-2121-44228-Demo","html_url":"https:\/\/github.com\/ra890927\/Log4Shell-CVE-2121-44228-Demo","description":"Log4Shell CVE-2021-44228 Demo","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-06-12 19:57:07","updated_at":"2022-06-12 20:11:49","pushed_at":"2022-06-12 20:16:47","inserted_at":"2022-06-12 21:38:10"},{"id":"501054329","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"jaehnri","full_name":"jaehnri\/CVE-2021-44228","html_url":"https:\/\/github.com\/jaehnri\/CVE-2021-44228","description":"Proof of concept of the Log4Shell vulnerability (CVE-2021-44228)","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-06-08 10:09:28","updated_at":"2022-06-08 11:17:05","pushed_at":"2022-06-08 12:58:19","inserted_at":"2022-06-08 15:38:06"},{"id":"500852820","cve_id":"CVE-2021-44228","name":"tf-log4j-aws-poc","owner":"moshuum","full_name":"moshuum\/tf-log4j-aws-poc","html_url":"https:\/\/github.com\/moshuum\/tf-log4j-aws-poc","description":"This project files demostrate a proof-of-concept of log4j vulnerability (CVE-2021-44228) on AWS using Terraform Infrastructure-as-a-code means.","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-06-07 22:30:37","updated_at":"2022-06-08 08:24:00","pushed_at":"2022-06-08 08:17:34","inserted_at":"2022-06-08 09:38:07"},{"id":"494502983","cve_id":"CVE-2021-44228","name":"log4j","owner":"hassaanahmad813","full_name":"hassaanahmad813\/log4j","html_url":"https:\/\/github.com\/hassaanahmad813\/log4j","description":"CVE-2021-44228 vulnerability in Apache Log4j library","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-05-20 23:48:29","updated_at":"2023-04-10 21:51:15","pushed_at":"2021-12-17 17:49:43","inserted_at":"2023-04-11 09:36:12"},{"id":"493654237","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-mass","owner":"kuznyJan1972","full_name":"kuznyJan1972\/CVE-2021-44228-mass","html_url":"https:\/\/github.com\/kuznyJan1972\/CVE-2021-44228-mass","description":"CVE-2021-44228 PoC for more than 12 affected softwares(not publicly disclossed yet) with mass exploitation script for each.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-05-18 21:30:14","updated_at":"2022-05-18 21:30:14","pushed_at":"2022-05-18 21:42:05","inserted_at":null},{"id":"491872919","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"Phineas09","full_name":"Phineas09\/CVE-2021-44228","html_url":"https:\/\/github.com\/Phineas09\/CVE-2021-44228","description":"Log4Shell Proof-Of-Concept derived from https:\/\/github.com\/kozmer\/log4j-shell-poc","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-05-13 20:35:22","updated_at":"2022-05-13 20:40:56","pushed_at":"2022-05-14 01:49:39","inserted_at":null},{"id":"490330900","cve_id":"CVE-2021-44228","name":"Log4Shell-obfuscated-payloads-generator","owner":"r3kind1e","full_name":"r3kind1e\/Log4Shell-obfuscated-payloads-generator","html_url":"https:\/\/github.com\/r3kind1e\/Log4Shell-obfuscated-payloads-generator","description":"Generate primary obfuscated or secondary obfuscated CVE-2021-44228 or CVE-2021-45046 payloads to evade WAF detection.","stargazers_count":"10","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-05-10 00:02:29","updated_at":"2022-05-12 15:08:10","pushed_at":"2022-05-10 11:38:54","inserted_at":null},{"id":"487163916","cve_id":"CVE-2021-44228","name":"Writing-Sample-1","owner":"TPower2112","full_name":"TPower2112\/Writing-Sample-1","html_url":"https:\/\/github.com\/TPower2112\/Writing-Sample-1","description":"CVE-2021-44228 Log4j Summary","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-04-30 11:35:38","updated_at":"2022-05-04 13:51:45","pushed_at":"2022-11-20 04:37:19","inserted_at":"2022-11-20 09:40:20"},{"id":"482785359","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-Mass-RCE-Log4j","owner":"ExploitPwner","full_name":"ExploitPwner\/CVE-2021-44228-Mass-RCE-Log4j","html_url":"https:\/\/github.com\/ExploitPwner\/CVE-2021-44228-Mass-RCE-Log4j","description":"CVE-2021-44228 Log4J multithreaded Mass Exploitation tool compatible with URL\/IP lists. ","stargazers_count":"2","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-04-18 18:16:05","updated_at":"2022-05-10 08:51:13","pushed_at":"2022-05-18 00:35:46","inserted_at":null},{"id":"482498767","cve_id":"CVE-2021-44228","name":"log4j-scanner","owner":"manishkanyal","full_name":"manishkanyal\/log4j-scanner","html_url":"https:\/\/github.com\/manishkanyal\/log4j-scanner","description":"A Log4j vulnerability scanner is used to identify the CVE-2021-44228 and CVE_2021_45046","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-04-17 20:01:24","updated_at":"2022-04-17 20:22:10","pushed_at":"2022-04-17 20:27:22","inserted_at":null},{"id":"477232735","cve_id":"CVE-2021-44228","name":"log4shell-honeypot","owner":"vulnerable-apps","full_name":"vulnerable-apps\/log4shell-honeypot","html_url":"https:\/\/github.com\/vulnerable-apps\/log4shell-honeypot","description":"Java application vulnerable to the CVE-2021-44228 (a.k.a log4shell) vulnerability","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-04-03 12:58:11","updated_at":"2022-04-03 12:58:01","pushed_at":"2021-12-17 19:51:33","inserted_at":"2023-08-02 03:35:39"},{"id":"468746734","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"Jun-5heng","full_name":"Jun-5heng\/CVE-2021-44228","html_url":"https:\/\/github.com\/Jun-5heng\/CVE-2021-44228","description":"Log4j2\u7ec4\u4ef6\u547d\u4ee4\u6267\u884cRCE \/ Code By:Jun_sheng","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-03-11 21:43:15","updated_at":"2022-03-11 22:24:13","pushed_at":"2022-03-11 22:24:09","inserted_at":null},{"id":"468389206","cve_id":"CVE-2021-44228","name":"vulescanjndilookup","owner":"MiguelM001","full_name":"MiguelM001\/vulescanjndilookup","html_url":"https:\/\/github.com\/MiguelM001\/vulescanjndilookup","description":"HERRAMIENTA AUTOMATIZADA PARA LA DETECCION DE LA VULNERABILIDAD CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-03-10 23:57:30","updated_at":"2022-03-11 00:56:57","pushed_at":"2022-03-12 02:49:10","inserted_at":null},{"id":"467749739","cve_id":"CVE-2021-44228","name":"log4shellwithlog4j2_13_3","owner":"paulvkitor","full_name":"paulvkitor\/log4shellwithlog4j2_13_3","html_url":"https:\/\/github.com\/paulvkitor\/log4shellwithlog4j2_13_3","description":"Springboot web application accepts a name get parameter and logs its value to log4j2.  Vulnerable to CVE-2021-44228.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-03-09 11:29:58","updated_at":"2022-03-09 13:11:03","pushed_at":"2022-03-09 13:11:00","inserted_at":null},{"id":"463165453","cve_id":"CVE-2021-44228","name":"Log-4j-scanner","owner":"Ananya-0306","full_name":"Ananya-0306\/Log-4j-scanner","html_url":"https:\/\/github.com\/Ananya-0306\/Log-4j-scanner","description":"A fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-02-24 22:49:14","updated_at":"2022-04-29 22:54:03","pushed_at":"2022-03-04 22:30:17","inserted_at":null},{"id":"459806805","cve_id":"CVE-2021-44228","name":"l4srs","owner":"s-retlaw","full_name":"s-retlaw\/l4srs","html_url":"https:\/\/github.com\/s-retlaw\/l4srs","description":"Rust implementation of the Log 4 Shell (log 4 j - CVE-2021-44228)","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-02-16 10:13:08","updated_at":"2022-02-16 10:21:29","pushed_at":"2022-05-17 18:50:18","inserted_at":null},{"id":"458500087","cve_id":"CVE-2021-44228","name":"log4shell-white-box","owner":"hotpotcookie","full_name":"hotpotcookie\/log4shell-white-box","html_url":"https:\/\/github.com\/hotpotcookie\/log4shell-white-box","description":"Log4j vulner testing environment based on CVE-2021-44228. It provide guidance to build the sample infrastructure and the exploit scripts","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-02-12 20:19:41","updated_at":"2022-05-11 00:12:41","pushed_at":"2022-05-11 00:06:09","inserted_at":null},{"id":"458405084","cve_id":"CVE-2021-44228","name":"Log4Shell","owner":"FeryaelJustice","full_name":"FeryaelJustice\/Log4Shell","html_url":"https:\/\/github.com\/FeryaelJustice\/Log4Shell","description":"This repository is for Log4j 2021 (CVE-2021-44228) Vulnerability demonstration and mitigation.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-02-12 12:02:24","updated_at":"2022-02-12 12:02:24","pushed_at":"2022-02-12 13:11:27","inserted_at":null},{"id":"453952325","cve_id":"CVE-2021-44228","name":"yLog4j","owner":"y-security","full_name":"y-security\/yLog4j","html_url":"https:\/\/github.com\/y-security\/yLog4j","description":"PortSwigger Burp Plugin for the Log4j  (CVE-2021-44228)","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-31 18:54:19","updated_at":"2022-01-31 23:15:57","pushed_at":"2022-01-31 19:23:27","inserted_at":null},{"id":"452823928","cve_id":"CVE-2021-44228","name":"log4j-polkit-poc","owner":"0xalwayslucky","full_name":"0xalwayslucky\/log4j-polkit-poc","html_url":"https:\/\/github.com\/0xalwayslucky\/log4j-polkit-poc","description":"vulnerable setup to display an attack chain of log4j CVE-2021-44228 with privilege escalation to root using the polkit exploit CVE-2021-4034","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-28 04:54:16","updated_at":"2022-01-29 15:29:58","pushed_at":"2022-01-29 00:08:53","inserted_at":null},{"id":"450033114","cve_id":"CVE-2021-44228","name":"cve-2021-44228-waf-tests","owner":"robrankin","full_name":"robrankin\/cve-2021-44228-waf-tests","html_url":"https:\/\/github.com\/robrankin\/cve-2021-44228-waf-tests","description":"Testing WAF protection against CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-20 18:30:44","updated_at":"2022-01-20 18:39:04","pushed_at":"2022-01-20 21:29:07","inserted_at":null},{"id":"449417650","cve_id":"CVE-2021-44228","name":"CVE-2021-44228-Log4Shell-POC","owner":"ColdFusionX","full_name":"ColdFusionX\/CVE-2021-44228-Log4Shell-POC","html_url":"https:\/\/github.com\/ColdFusionX\/CVE-2021-44228-Log4Shell-POC","description":"POC for Infamous Log4j CVE-2021-44228","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-19 04:22:38","updated_at":"2022-01-24 01:18:55","pushed_at":"2022-01-21 00:28:58","inserted_at":null},{"id":"448890655","cve_id":"CVE-2021-44228","name":"PS-CVE-2021-44228","owner":"arnaudluti","full_name":"arnaudluti\/PS-CVE-2021-44228","html_url":"https:\/\/github.com\/arnaudluti\/PS-CVE-2021-44228","description":"Static detection of vulnerable log4j librairies on Windows servers, members of an AD domain.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-17 21:46:20","updated_at":"2022-01-19 17:30:13","pushed_at":"2022-01-19 17:31:33","inserted_at":null},{"id":"448612058","cve_id":"CVE-2021-44228","name":"log4stdin","owner":"aajuvonen","full_name":"aajuvonen\/log4stdin","html_url":"https:\/\/github.com\/aajuvonen\/log4stdin","description":"A Java application intentionally vulnerable to CVE-2021-44228","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-17 01:39:19","updated_at":"2022-04-03 01:13:36","pushed_at":"2022-04-03 20:03:53","inserted_at":null},{"id":"448039430","cve_id":"CVE-2021-44228","name":"Search-log4Jvuln-AppScanSTD","owner":"jrocia","full_name":"jrocia\/Search-log4Jvuln-AppScanSTD","html_url":"https:\/\/github.com\/jrocia\/Search-log4Jvuln-AppScanSTD","description":"This Pwsh script run AppScan Standard scans against a list of web sites (URLs.txt) checking for Log4J (CVE-2021-44228) vulnerability","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-15 01:47:20","updated_at":"2022-01-15 01:54:21","pushed_at":"2022-01-15 03:34:31","inserted_at":null},{"id":"447754863","cve_id":"CVE-2021-44228","name":"log4j_github_repository","owner":"sdogancesur","full_name":"sdogancesur\/log4j_github_repository","html_url":"https:\/\/github.com\/sdogancesur\/log4j_github_repository","description":"This work includes testing and improvement tools for CVE-2021-44228(log4j).","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-14 06:16:26","updated_at":"2022-01-17 01:50:14","pushed_at":"2022-01-16 03:52:17","inserted_at":null},{"id":"447683203","cve_id":"CVE-2021-44228","name":"RS4LOGJ-CVE-2021-44228","owner":"atlassion","full_name":"atlassion\/RS4LOGJ-CVE-2021-44228","html_url":"https:\/\/github.com\/atlassion\/RS4LOGJ-CVE-2021-44228","description":"Fix: CVE-2021-44228 4LOGJ","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-14 02:04:52","updated_at":"2022-01-19 21:29:27","pushed_at":"2021-12-28 22:50:30","inserted_at":null},{"id":"447682859","cve_id":"CVE-2021-44228","name":"log4j-exploit-builder","owner":"atlassion","full_name":"atlassion\/log4j-exploit-builder","html_url":"https:\/\/github.com\/atlassion\/log4j-exploit-builder","description":"Script to create a log4j (CVE-2021-44228) exploit with support for different methods of getting a reverse shell","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-14 02:03:54","updated_at":"2022-07-01 03:53:34","pushed_at":"2021-12-30 03:34:45","inserted_at":"2022-07-01 09:38:25"},{"id":"447404470","cve_id":"CVE-2021-44228","name":"log4shell","owner":"jxerome","full_name":"jxerome\/log4shell","html_url":"https:\/\/github.com\/jxerome\/log4shell","description":"D\u00e9mo du fonctionnement de log4shell (CVE-2021-44228)","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-13 08:44:20","updated_at":"2022-01-13 08:59:13","pushed_at":"2022-01-14 23:03:14","inserted_at":null},{"id":"446218653","cve_id":"CVE-2021-44228","name":"log4jhound","owner":"mebibite","full_name":"mebibite\/log4jhound","html_url":"https:\/\/github.com\/mebibite\/log4jhound","description":"Created after the disclosure of CVE-2021-44228. Bash script that detects Log4j occurrences in your projects and systems, allowing you to get insight on versions used. Unpacks JARs and analyses their Manifest files.","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-10 07:34:49","updated_at":"2024-04-23 04:41:40","pushed_at":"2022-04-01 09:43:53","inserted_at":"2024-04-23 10:39:13"},{"id":"446098711","cve_id":"CVE-2021-44228","name":"CVE-2021-44228","owner":"maximofernandezriera","full_name":"maximofernandezriera\/CVE-2021-44228","html_url":"https:\/\/github.com\/maximofernandezriera\/CVE-2021-44228","description":"This Log4j RCE exploit originated from https:\/\/github.com\/tangxiaofeng7\/CVE-2021-44228-Apache-Log4j-Rce","stargazers_count":"2","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-09 22:38:38","updated_at":"2022-01-30 15:01:01","pushed_at":"2022-01-09 22:43:35","inserted_at":null},{"id":"445745731","cve_id":"CVE-2021-44228","name":"vuln4japi","owner":"nix-xin","full_name":"nix-xin\/vuln4japi","html_url":"https:\/\/github.com\/nix-xin\/vuln4japi","description":"A vulnerable Java based REST API for demonstrating CVE-2021-44228 (log4shell).","stargazers_count":"0","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-08 15:45:44","updated_at":"2022-01-10 17:20:25","pushed_at":"2022-01-10 17:20:22","inserted_at":null},{"id":"445687561","cve_id":"CVE-2021-44228","name":"log4j-fuzzer","owner":"mr-vill4in","full_name":"mr-vill4in\/log4j-fuzzer","html_url":"https:\/\/github.com\/mr-vill4in\/log4j-fuzzer","description":"CVE-2021-44228","stargazers_count":"3","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-08 09:28:32","updated_at":"2022-04-01 21:41:00","pushed_at":"2022-03-20 06:10:47","inserted_at":null},{"id":"445474259","cve_id":"CVE-2021-44228","name":"log4jshell_CVE-2021-44228","owner":"Vulnmachines","full_name":"Vulnmachines\/log4jshell_CVE-2021-44228","html_url":"https:\/\/github.com\/Vulnmachines\/log4jshell_CVE-2021-44228","description":"Log4jshell - CVE-2021-44228","stargazers_count":"1","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-07 18:56:30","updated_at":"2022-01-12 15:44:17","pushed_at":"2022-01-07 23:01:18","inserted_at":null},{"id":"444967250","cve_id":"CVE-2021-44228","name":"Log4jHorizon","owner":"puzzlepeaches","full_name":"puzzlepeaches\/Log4jHorizon","html_url":"https:\/\/github.com\/puzzlepeaches\/Log4jHorizon","description":"Exploiting CVE-2021-44228 in VMWare Horizon for remote code execution and more.","stargazers_count":"79","vuln_description":"Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.","created_at":"2022-01-06 07:25:42","updated_at":"2022-04-08 12:27:51","pushed_at":"2022-01-11 04:26:59","inserted_at":null}]}