
Log4j’s vulnerable versions have over 4 million downloads since disclosure

Since the Log4j vulnerability known as Log4Shell was disclosed in December, the affected library has been downloaded over ten million times. According to Sonatype, the company that runs Apache Maven’s central repository, four million of those ten million downloads were of vulnerable versions of the tool.

The vulnerability is tracked as CVE-2021-44228 and was patched in v2.15 of the library on December 10; v2.14 and the earlier releases of the 2.x branch remain vulnerable. Three further vulnerabilities, tracked as CVE-2021-45056, CVE-2021-45105, and CVE-2021-44832, were found after the first one and were fixed in v2.16 of the tool.
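A defensive dependency check built from the version facts above, added here as an example and not code from the article or from the Apache project: it reads `mvn dependency:list` style coordinates (the sample lines are constructed) and flags log4j-core versions below the fix thresholds the article states. The thresholds (2.15 for the original CVE, 2.16 for the follow-ups) are taken from this text and should be confirmed against Apache's current advisory before the check is relied on.

```python
import re
from typing import List, Tuple

# Fix thresholds as stated in the article (assumption: confirm against the
# current Apache Log4j security advisory before relying on them).
FIXED_IN = [
    ("CVE-2021-44228", (2, 15, 0)),
    ("CVE-2021-45056, CVE-2021-45105, CVE-2021-44832", (2, 16, 0)),
]

# Maven coordinate of the affected module (the API jar alone is not the issue).
LOG4J_CORE = "org.apache.logging.log4j:log4j-core"

# Constructed sample in the "group:artifact:type:version:scope" form printed
# by `mvn dependency:list`.
SAMPLE = """\
org.apache.logging.log4j:log4j-core:jar:2.14.1:compile
org.apache.logging.log4j:log4j-api:jar:2.14.1:compile
org.apache.logging.log4j:log4j-core:jar:2.15.0:compile
org.apache.logging.log4j:log4j-core:jar:2.16.0:compile
com.fasterxml.jackson.core:jackson-databind:jar:2.13.1:compile
"""


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn "2.14.1" or "2.0-rc1" into a comparable (major, minor, patch) tuple."""
    numbers = [int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3]]
    while len(numbers) < 3:
        numbers.append(0)  # pad "2.15" to (2, 15, 0)
    return tuple(numbers)  # type: ignore[return-value]


def audit(coordinates: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (artifact, version, [unfixed CVE groups]) for vulnerable log4j-core entries."""
    findings = []
    for line in coordinates:
        fields = line.strip().split(":")
        if len(fields) < 3:
            continue
        artifact = f"{fields[0]}:{fields[1]}"
        # 3-field form is group:artifact:version; 4+ fields carry the type before the version
        version = fields[3] if len(fields) >= 4 else fields[2]
        if artifact != LOG4J_CORE:
            continue
        parsed = parse_version(version)
        if parsed < (2, 0, 0):
            continue  # 1.x is a separate code base, outside the article's scope
        unfixed = [name for name, fixed in FIXED_IN if parsed < fixed]
        if unfixed:
            findings.append((artifact, version, unfixed))
    return findings


if __name__ == "__main__":
    for artifact, version, cves in audit(SAMPLE.splitlines()):
        print(f"{artifact}:{version} -> still affected by {'; '.join(cves)}")
```

Running it on the sample flags 2.14.1 for all four CVEs and 2.15.0 for the follow-up CVEs only, while 2.16.0 and log4j-api pass.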

The discovery has already caused a great deal of chaos in the tech industry, with CISA launching a webpage to guide the US public and private sectors on the issue and ordering all federal civilian agencies to patch it by Christmas Eve.

Additionally, the US Federal Trade Commission threatened legal action against American organisations that don’t upgrade to secure versions of Log4j.  



Skating on thin ice?

Apache, too, highlighted the issue on its website. Once the news of the vulnerability was out, many exploitation opportunities came to light. However, actual exploitation seems to be quite visible. In fact, Belgium’s Defence Ministry was successfully attacked using a Log4j exploit.

There could be several reasons behind this; many of them are highlighted in a Twitter thread by Greg Bednarski, who argues that the attacks have been under-reported.

Alibaba’s Cloud Security team, which had initially reported the vulnerability on November 24, was also criticised by the Chinese Ministry for not having waited long enough between local and international disclosures.

