A second vulnerability impacting Apache Log4j has been discovered as the security industry has scrambled to mitigate and fix a severe zero-day Java library logging flaw (CVE-2021-44228) dubbed Log4Shell. The new vulnerability, CVE 2021-45046, could allow attackers to craft malicious input data using a JNDI lookup pattern resulting in a denial-of-service (DoS) attack, according to the CVE description.
To read this article in full, please click here
Support the originator by clicking the read the rest link below.