1 post(s) found.
Log4j 2: New vulnerability on DoS in 2.16.0 and below
Log4j 2.17.0 was released due to security reason. It fixes DoS vulnerability in 2.16.0 and below on v2.
As to the new vulnerability on DoS (denial-of-service), it’s safe with a default Pattern Layout where a Context Lookup such as
... Read$${ctx:loginId}are NOT used in logging configuration. Otherwise, the CVSS score is 7.5 and the severity is high.