Safeguard
Tag

cve-2021-44228

Safeguard articles tagged "cve-2021-44228" — guides, analysis, and best practices for software supply chain and application security.

13 articles

Threat Research

Lessons from Log4Shell: How One Logging Call Became the Internet's Worst Weekend

CVE-2021-44228 let an unauthenticated attacker run code by getting a single string logged. Here is how Log4Shell worked, why it was everywhere, and what actually contained it.

Jul 2, 20266 min read
Vulnerability Analysis

Log4j Log4Shell vulnerability explained CVE-2021-44228

Log4Shell (CVE-2021-44228) let attackers gain RCE via a single logged string. Here's the CVSS/EPSS/KEV context, timeline, and how to remediate it.

Jul 2, 20267 min read
Vulnerability Analysis

Log4Shell remediation cheat sheet

A practical, no-fluff Log4Shell remediation cheat sheet: affected versions, CVSS/EPSS/KEV context, timeline, and the exact steps to close CVE-2021-44228.

May 6, 20267 min read
Vulnerability Analysis

Log4Shell (Log4j Vulnerability) Explained

A deep dive into Log4Shell (CVE-2021-44228): how the critical Log4j2 RCE flaw worked, its timeline, affected versions, and how to remediate it.

Feb 12, 20267 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) and the supply chain lessons o...

A Log4Shell CVE-2021-44228 analysis covering the JNDI lookup flaw, CVSS 10.0 severity, KEV status, patch timeline, remediation steps, and the transitive dependency lessons it taught.

Jan 22, 20268 min read
Vulnerability Analysis

Log4Shell RCE in Apache Log4j (CVE-2021-44228)

A deep dive into CVE-2021-44228 (Log4Shell): the critical Log4j RCE vulnerability, its timeline, affected versions, and concrete remediation steps.

Jan 19, 20267 min read
Vulnerability Analysis

Log4Shell Five Years Later: What CVE-2021-44228 Taught Us About Transitive Risk

Five years after Log4Shell, the technical details still matter, but the lasting lessons are about transitive dependencies, SBOM accuracy, and the long tail of unpatched internal tooling.

Jan 9, 20265 min read
Container Security

How Log4Shell exposed cloud container images and how to d...

Log4Shell (CVE-2021-44228) still hides in container images years later. Here's how it works, its CVSS/EPSS/KEV context, and how to detect and remediate it across ECR, ACR, and GAR.

Jan 6, 20268 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) Deep Dive: JNDI Injection in L...

Log4Shell (CVE-2021-44228) let attackers achieve remote code execution via a single logged string. A deep dive into the JNDI flaw, its impact, and remediation.

Oct 28, 20258 min read
Industry Analysis

Log4Shell Three Years Later: Which Fixes Actually Stuck?

Three years after Log4Shell's disclosure, which fixes actually held? A look back at CVE-2021-44228's timeline, CVSS/EPSS/KEV context, and lingering exposure.

Jul 13, 20257 min read
Open Source Security

Log4j Two Years Later: Are We Actually Safer?

Two years after Log4Shell shook the internet, many organizations still have vulnerable Log4j instances. The vulnerability changed how we think about supply chain security—but did it change how we act?

Dec 10, 20235 min read
Vulnerability Analysis

Log4j One Year Later: What We Learned and What We Didn't Fix

A year after Log4Shell shook the internet, many organizations still had vulnerable instances. Here's what the anniversary revealed about our industry.

Dec 12, 20227 min read
cve-2021-44228 — Safeguard Blog