How To Build A Log4Shell Detector

February 03, 2022 - 21:25

Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4J, a popular open-source Java logging framework used by many organizations around the world. Though the vulnerability has been patched, and upgrading to a newer Log4J version solves the problem, not everyone has completed the necessary upgrade.

I've written a Guardsquare blog post showing how you can be build a Log4Shell detector using ProGuardCORE to determine if applications are using an older Log4J version that is susceptible to the vulnerability.