Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring | LunaSec

2022/03/30 9 users Spring4Shell

If you'd like to contribute any specific information about this vulnerability, we encourage you to add it to this blog post directly by adding it yourself on GitHub! Once you do, please send us a Pull Request for us to review and land. RCE in "Spring Core"​We believe that users running JDK versio... 続きを読む

Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaSec

2021/12/15 5 users CVE-2021-44228

We found that the DOS outlined in the CVE was not actually impactful because it did not consume resources during our testing (see below). We could still be wrong through, so we continue to recommend that you upgrade to 2.16.0 in the event that a better exploit is found to abuse this attack vector... 続きを読む

RCE 0-day exploit found in log4j, a popular Java logging package | LunaSec

2021/12/10 162 users PACKAGE Part 1

RCE 0-day exploit found in log4j, a popular Java logging packageWhy your Content Security Policy isn't as secure as you thinkHow Data Breaches happen and why Secure by Default software is the futureBuildKit intermediate caching in CIHow to build an Open Source Business in 2021 (Part 1) 続きを読む