Safeguard
Tag

log4shell

Safeguard articles tagged "log4shell" — guides, analysis, and best practices for software supply chain and application security.

35 articles

Application Security

How to prevent log injection vulnerabilities in Java

Log injection let attackers turn Log4j logging calls into remote code execution in 2021. Here's how CWE-117 works in Java and how to stop it.

May 2, 20266 min read
Open Source Security

Transitive dependency vulnerabilities explained

A vulnerability three layers deep in your dependency graph is still your problem. Here's how transitive flaws like Log4Shell hide, spread, and get fixed.

Apr 30, 20267 min read
Industry Analysis

Java Security Explained

Java security failures like Log4Shell exposed 3 billion devices — here's why Java's dependency depth makes it uniquely risky, and how to fix it fast.

Feb 24, 20268 min read
Vulnerability Analysis

Log4Shell (Log4j Vulnerability) Explained

A deep dive into Log4Shell (CVE-2021-44228): how the critical Log4j2 RCE flaw worked, its timeline, affected versions, and how to remediate it.

Feb 12, 20267 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) and the supply chain lessons o...

A Log4Shell CVE-2021-44228 analysis covering the JNDI lookup flaw, CVSS 10.0 severity, KEV status, patch timeline, remediation steps, and the transitive dependency lessons it taught.

Jan 22, 20268 min read
Vulnerability Analysis

Log4Shell RCE in Apache Log4j (CVE-2021-44228)

A deep dive into CVE-2021-44228 (Log4Shell): the critical Log4j RCE vulnerability, its timeline, affected versions, and concrete remediation steps.

Jan 19, 20267 min read
Vulnerability Analysis

Log4j second RCE bypass (CVE-2021-45046)

The Log4j 2.15.0 patch for Log4Shell was incomplete. CVE-2021-45046 shows how attackers bypassed it to achieve remote code execution.

Jan 18, 20267 min read
Vulnerability Analysis

Log4Shell Five Years Later: What CVE-2021-44228 Taught Us About Transitive Risk

Five years after Log4Shell, the technical details still matter, but the lasting lessons are about transitive dependencies, SBOM accuracy, and the long tail of unpatched internal tooling.

Jan 9, 20265 min read
Container Security

How Log4Shell exposed cloud container images and how to d...

Log4Shell (CVE-2021-44228) still hides in container images years later. Here's how it works, its CVSS/EPSS/KEV context, and how to detect and remediate it across ECR, ACR, and GAR.

Jan 6, 20268 min read
Industry Analysis

Logging Vulnerabilities: Log Injection and Sensitive Data...

Log4Shell, plaintext password logs, and CRLF injection show how logging vulnerabilities turn debug output into a full-blown breach vector for attackers.

Oct 29, 20258 min read
Vulnerability Analysis

Log4Shell (CVE-2021-44228) Deep Dive: JNDI Injection in L...

Log4Shell (CVE-2021-44228) let attackers achieve remote code execution via a single logged string. A deep dive into the JNDI flaw, its impact, and remediation.

Oct 28, 20258 min read
Engineering

Java Supply Chain Security Beyond Log4Shell

Log4Shell was the fire drill. The structural problems — unverified Maven resolution, invisible shaded jars, sprawling transitive graphs — are still there. Here's what to actually fix.

Aug 21, 20256 min read
log4shell (Page 2) — Safeguard Blog