A new vulnerability named Log4Shell is being touted as one of the worst cybersecurity flaws ever discovered. The vulnerability lies in an open-source logging library used in most applications by enterprises and even government agencies.
According to several reports, hackers are already testing exploits for this vulnerability, which grants them access to an application and could potentially let them run malicious software on a device or server.
What is the Log4Shell vulnerability?
The vulnerability first came to light on December 9, though some reports say the issue first surfaced on December 1. It was highlighted by Chen Zhaojun of the Alibaba Cloud Security team. The vulnerability is dubbed Log4Shell and is officially designated CVE-2021-44228 (a CVE number is the unique number given to each vulnerability discovered across the world).