Skip to content

Instantly share code, notes, and snippets.

@jameskirsop

jameskirsop/log4j.md

Forked from noperator/log4j.md
Last active December 13, 2021 05:24
Show Gist options
  • Save jameskirsop/cac9d00cdd46d9a4ed8a6d98ae8cc666 to your computer and use it in GitHub Desktop.
Save jameskirsop/cac9d00cdd46d9a4ed8a6d98ae8cc666 to your computer and use it in GitHub Desktop.
Download ZIP
Emerging threat details on CVE-2021-44228 in Apache Log4j
Raw
log4j.md

Technologies using Apache Log4j

The Cosmos 🌌 team at Bishop Fox 🦊 is currently researching open-source projects that appear to use Log4j by default. This list is likely incomplete; we'll continue to share affected technologies here as we identify them.

  • Apache Druid
  • Apache Dubbo
  • Apache Flink
  • Apache Flume
  • Apache Hadoop
  • Apache Kafka
  • Apache Solr
  • Apache Spark
  • Apache Struts
  • Apache Tapestry
  • Apache Wicket
  • Elastic Elasticsearch
  • Elastic Logstash
  • Ghidra
  • Grails
  • Graylog
  • Minecraft

The following projects don't appear to use Log4j by default, though they may optionally be configured to use it.

  • Apache Tomcat
  • Dropwizard
  • Elastic Kibana
  • Hibernate
  • JavaServer Faces
  • Oracle ATG Web Commerce
  • Spring Framework

Acknowledgements

Thanks to @sshell for the deep dive on this list.

See also

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment