Jozhe
shared a link post in group #(Cool) Dev
Log4j vulnerability
- two random unpaid folk maintain the code
- a random requested the vuln/feature in 2013
- major IT and security vendors rely on that code
- problem was publicised by teens in Minecraft video game
π
threatpost.com
Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a βMini internet meltdown soonish.β