log4shell
Safeguard articles tagged "log4shell" — guides, analysis, and best practices for software supply chain and application security.
35 articles
How to prevent log injection vulnerabilities in Java
Log injection let attackers turn Log4j logging calls into remote code execution in 2021. Here's how CWE-117 works in Java and how to stop it.
Transitive dependency vulnerabilities explained
A vulnerability three layers deep in your dependency graph is still your problem. Here's how transitive flaws like Log4Shell hide, spread, and get fixed.
Java Security Explained
Java security failures like Log4Shell exposed 3 billion devices — here's why Java's dependency depth makes it uniquely risky, and how to fix it fast.
Log4Shell (Log4j Vulnerability) Explained
A deep dive into Log4Shell (CVE-2021-44228): how the critical Log4j2 RCE flaw worked, its timeline, affected versions, and how to remediate it.
Log4Shell (CVE-2021-44228) and the supply chain lessons o...
A Log4Shell CVE-2021-44228 analysis covering the JNDI lookup flaw, CVSS 10.0 severity, KEV status, patch timeline, remediation steps, and the transitive dependency lessons it taught.
Log4Shell RCE in Apache Log4j (CVE-2021-44228)
A deep dive into CVE-2021-44228 (Log4Shell): the critical Log4j RCE vulnerability, its timeline, affected versions, and concrete remediation steps.
Log4j second RCE bypass (CVE-2021-45046)
The Log4j 2.15.0 patch for Log4Shell was incomplete. CVE-2021-45046 shows how attackers bypassed it to achieve remote code execution.
Log4Shell Five Years Later: What CVE-2021-44228 Taught Us About Transitive Risk
Five years after Log4Shell, the technical details still matter, but the lasting lessons are about transitive dependencies, SBOM accuracy, and the long tail of unpatched internal tooling.
How Log4Shell exposed cloud container images and how to d...
Log4Shell (CVE-2021-44228) still hides in container images years later. Here's how it works, its CVSS/EPSS/KEV context, and how to detect and remediate it across ECR, ACR, and GAR.
Logging Vulnerabilities: Log Injection and Sensitive Data...
Log4Shell, plaintext password logs, and CRLF injection show how logging vulnerabilities turn debug output into a full-blown breach vector for attackers.
Log4Shell (CVE-2021-44228) Deep Dive: JNDI Injection in L...
Log4Shell (CVE-2021-44228) let attackers achieve remote code execution via a single logged string. A deep dive into the JNDI flaw, its impact, and remediation.
Java Supply Chain Security Beyond Log4Shell
Log4Shell was the fire drill. The structural problems — unverified Maven resolution, invisible shaded jars, sprawling transitive graphs — are still there. Here's what to actually fix.