So there has been a lot of hype about this vulnerability. This Blog will help you how to find if any service is using log4j. I will keep this simple and short

Impacted Version

In the Apache security advisory [1], this issue in Apache Log4j2 impacts versions up to and including 2.14.1 (excluding security release 2.12.2). In these versions, the JNDI features used in configurations, log messages, and parameters do not protect against actor-controlled LDAP and other JNDI-related endpoints. An actor who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

you can find if software packages are vulnerable to log4j vulnerability https://github.com/NCSC-NL/log4shell/tree/main/software#log4j-overview-related-software

To find if you are using this library

$ sudo find / -name ‘log4j*’

--

--

Siddhanth Dwivedi

Siddhanth Dwivedi

Security Engineer |Help in building apps more secure|