wg-best-practices-os-developers icon indicating copy to clipboard operation
wg-best-practices-os-developers copied to clipboard

Published 20 hours ago verified publisher icon ossf

add sending output format strings and templates lab

Open jasinner opened this issue 8 months ago • 2 comments

The Log4J developers prior to CVE-2021-44228 allowed uses to load arbitrary variables (and code) from a remote JNDI server using the logging templates. This example comes from the patch for CVE-2021-44228, and is part of the fix for that vulnerability which restricts which JNDI server host one can load variables from.

jasinner avatar May 27 '24 01:05 jasinner