Log4j RCE exploit

[dirt]

By now almost everyone knows, but for those who don't: there was a log4j rce (remote code execution) exploit.
However, there are still many clients and servers affected.

More information can be found here:

https://github.com/advisories/GHSA-jfh8-c2jp-5v3q

To fix the exploit you should update log4j or
add "-Dlog4j2.formatMsgNoLookups=true" to the jvm arguments.

 

[dirt]

There is another log4j CVE.

More information can be found here:

https://github.com/advisories/GHSA-7rjr-3q55-vv33

To fix the exploit, you should update log4j or remove the JndiLookup class from the classpath.

Note that "-Dlog4j2.formatMsgNoLookups=true" does not fix the problem