SBOM Starter Kit: Get Your Copy

Log4J Vulnerability “Log4Shell” Resource Center

Apache Log4J, the popular java open source logging library, was plagued by a series of vulnerabilities over the course of several weeks in December 2021. The most serious was CVE-2021-44228, a remote code execution vulnerability with a CVSS score of 10, the maximum severity rating possible.

On this page, you’ll find resources from FOSSA’s security engineering team to help your organization detect, remove, and upgrade vulnerable versions of Log4J.

BLOG POST

How to Implement the CSRB’s Log4j Security Recommendations

Learn More
on-demand webinar

Log4Shell: A Case study in Responding to OSS 0-Day Attacks

Learn More
BLOG POST

How to Quickly Find and Fix Log4j Vulnerabilities with FOSSA

Learn More
BLOG POST

Jog4j “Log4Shell” Zero-Day Vulnerability: Impact and Fixes

Learn More
BLOG POST

Detecting and Fixing the New Log4j DoS Vulnerability

Learn More
You can now use FOSSA's free CLI to detect Log4J vulnerabilities in your code. Simply download our CLI and run fossa log4j in your project root directory.
View Docs

Watch a live demo of the vulnerability being exploited and see how you can use FOSSA’s free CLI to identify if you’re using potentially vulnerable dependencies

This handy cheatsheet offers step-by-step guidance to detect, remove, upgrade, and disable vulnerable Log4J components.
Download Now
Log4Shell Remedation Guide