Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability
Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE) for security responders.
We believe it is important to classify the vendors and products between:
i.e. all vendors you should worry about if you have data in their environemnt or if they access to your environment
i.e. software components you might have used in building your products that you should worry if they cause you to be vulnerable
Compromised apps with confirmation
List of responses from various vendors, some affected and some not
Official list maintained by CISA - US Govt
Official list maintained by NCSC - NL govt, high update frequency
A fast and simple guide on what to do to respond to the log4j incident
General incident response guide in case you discover a 3rd party vendor of yours got hacked
We are happy to recieve contributions from the community. Contribution guidelines:
This repo is maintained to simplify response for enterprises and organizations by separating between:
This list is a community project open for everyone to contribute to and is curated by: