Twitter Feed
@bahamat ("Brian Bennett") retweeted:
@dangoodin001 ("Dan Goodin") wrote:
Description
“If a string substitution is attempted for any reason on the following string, it will trigger an infinite recursion, and the application will crash: ${${::-${::-$${::-j}}}}.”with quote tweet:
@liamosaur ("Liam O 🦆") wrote:
There's a new DoS vuln in log4j, affecting all versions up to and including 2.16.0. No patch currently available.
DoS is not as critical an issue as RCE, but being able to DoS a logger is a handy tool for attackers. Remember, "no logs, no crime" 😆 https://issues.apache.org/jira/browse/LOG4J2-3230