cve-2021-44228
Safeguard articles tagged "cve-2021-44228" — guides, analysis, and best practices for software supply chain and application security.
13 articles
Lessons from Log4Shell: How One Logging Call Became the Internet's Worst Weekend
CVE-2021-44228 let an unauthenticated attacker run code by getting a single string logged. Here is how Log4Shell worked, why it was everywhere, and what actually contained it.
Log4j Log4Shell vulnerability explained CVE-2021-44228
Log4Shell (CVE-2021-44228) let attackers gain RCE via a single logged string. Here's the CVSS/EPSS/KEV context, timeline, and how to remediate it.
Log4Shell remediation cheat sheet
A practical, no-fluff Log4Shell remediation cheat sheet: affected versions, CVSS/EPSS/KEV context, timeline, and the exact steps to close CVE-2021-44228.
Log4Shell (Log4j Vulnerability) Explained
A deep dive into Log4Shell (CVE-2021-44228): how the critical Log4j2 RCE flaw worked, its timeline, affected versions, and how to remediate it.
Log4Shell (CVE-2021-44228) and the supply chain lessons o...
A Log4Shell CVE-2021-44228 analysis covering the JNDI lookup flaw, CVSS 10.0 severity, KEV status, patch timeline, remediation steps, and the transitive dependency lessons it taught.
Log4Shell RCE in Apache Log4j (CVE-2021-44228)
A deep dive into CVE-2021-44228 (Log4Shell): the critical Log4j RCE vulnerability, its timeline, affected versions, and concrete remediation steps.
Log4Shell Five Years Later: What CVE-2021-44228 Taught Us About Transitive Risk
Five years after Log4Shell, the technical details still matter, but the lasting lessons are about transitive dependencies, SBOM accuracy, and the long tail of unpatched internal tooling.
How Log4Shell exposed cloud container images and how to d...
Log4Shell (CVE-2021-44228) still hides in container images years later. Here's how it works, its CVSS/EPSS/KEV context, and how to detect and remediate it across ECR, ACR, and GAR.
Log4Shell (CVE-2021-44228) Deep Dive: JNDI Injection in L...
Log4Shell (CVE-2021-44228) let attackers achieve remote code execution via a single logged string. A deep dive into the JNDI flaw, its impact, and remediation.
Log4Shell Three Years Later: Which Fixes Actually Stuck?
Three years after Log4Shell's disclosure, which fixes actually held? A look back at CVE-2021-44228's timeline, CVSS/EPSS/KEV context, and lingering exposure.
Log4j Two Years Later: Are We Actually Safer?
Two years after Log4Shell shook the internet, many organizations still have vulnerable Log4j instances. The vulnerability changed how we think about supply chain security—but did it change how we act?
Log4j One Year Later: What We Learned and What We Didn't Fix
A year after Log4Shell shook the internet, many organizations still had vulnerable instances. Here's what the anniversary revealed about our industry.