...
Examples of different payloads being used actively: https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/
Info |
---|
Update 13/12 2021: While the issue is mitigated in Apache Log4J2 version 2.15.0 by disabling the feature by default that does not remove the vulnerability itself. |
How Ceptor can help
Ceptor fortunately does not use Log4J2, but instead SLF4J/Logback, (and Log4J v1.x if configured to do so) so it is not affected.
...