DEV Community

nabbisen
nabbisen

Posted on • Updated on • Originally published at scqr.net

A new RCE vulnerability on Log4j 2.17.0 (CVE-2021-4483)

Log4j 2.17.1 was released because a new vulnerability on RCE (Remote Code Execution) had been found in 2.17.0. (CVE-2021-4483)

According to The Apache Software Founndation, CVSS is 6.6 and the severity is moderate.

There is the risk when an attacker has the permission to modify the logging configuration file.


This post is based on the tweet by my company.

Top comments (0)