This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228). For additional information see:

NCSC-NL advisory


The Wall Street Journal: What Is the [log4shell] Vulnerability?

As Bad as It Gets

So how bad is Log4Shell really? As bad as it gets. According to the National Vulnerability Database (NVD), it’s rated as 10.0 CVSSv3 which, by my count of a 0.1 to 10 scale, is the worst possible. If successfully exploited, attackers can hit you with a Remote Code Execution (RCE) attack, which can be used to compromise your servers. Given how easy it is to exploit, even as you’re reading this, odds are decent you’re being attacked.


Subscribe to be notified of new posts:

Krupczak logo


Leave a comment

Your email address will not be published. Required fields are marked *