Twitter Feed: Post

Twitter FeedDec 12, 2021, 2:54 AM

@bradfitz ("Brad Fitzpatrick") wrote:

Fighting fire with fire. Fun!

with quote tweet:

@volker_simonis ("Volker Simonis") wrote:

I've written a simple (i.e. standalone, no dependencies) Java program which patches JndiLookup.lookup() to return a fixed string and not parse its arguments. This should fix CVE-2021-44228 (i.e. RCE in Log4j) without restarting your JVM process. #Log4J

https://github.com/simonis/Log4jPatch