TheCurle

Log4J CVE Advisory

The Problem

Log4J has a feature called Java Naming and Directory Interface (shortened to JNDI in this document), which allows a Java program to reach out to an external source to gather data.
If you put a section of text containing ${jndi:query} into the log, the Log4J library will try to resolve the query.
This can be combined with the Lightweight Directory Access Protocol (LDAP) to connect to a remote server.

However, because JNDI is built for retrieving data, and JNDI is a Java program, if you put a JNDI query using LDAP into a log, it will connect to the given site, download a file, and then execute it.
This is called Remote Code Execution.

lukas-h

Markdown License badges

Collection of License badges for your Project's README file.
This list includes the most common open source and open data licenses.
Easily copy and paste the code under the badges into your Markdown files.

Notes

• The badges do not fully replace the license informations for your projects, they are only emblems for the README, that the user can see the License at first glance.

Translations: (No guarantee that the translations are up-to-date)

• 🇫🇷 Cette liste en français