Log4j Log4shell Affected Save

Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability

Project README

log4j-log4shell-affected

Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE) for security responders.

We believe it is important to classify the vendors and products between:

Internal risk - what you need to patch first to remove risk internally
External risk - all third/fourth-party vendors that have custody of your data that might've been hacked that you will need to monitor and tackle once you're done patching

Here are the lists:

External Risk - Affected Apps

i.e. all vendors you should worry about if you have data in their environemnt or if they access to your environment

Internal Risk - Affected Components

i.e. software components you might have used in building your products that you should worry if they cause you to be vulnerable

Other useful resources

Lists

Artifacts using log4j

Compromised apps with confirmation

List of responses from various vendors, some affected and some not

Official list maintained by CISA - US Govt

Official list maintained by NCSC - NL govt, high update frequency

Guides how to repsond

A fast and simple guide on what to do to respond to the log4j incident

General incident response guide in case you discover a 3rd party vendor of yours got hacked

Contributing

We are happy to recieve contributions from the community. Contribution guidelines:

Please make a PR editing the raw CSV files.
Please be sure to include a reference source for each added row (claims without a validated link for source of claim will not be accepted)

About this repo

This repo is maintained to simplify response for enterprises and organizations by separating between:

Internal risk - Software components you need to search for and patch in your products / internal environment
External risk - Third and fourth-party vendors/apps who might've been affected and you should to monitor if your data is in their custody

This list is a community project open for everyone to contribute to and is curated by:

Our favorite description of the situation

Meme

Open Source Agenda is not affiliated with "Log4j Log4shell Affected" Project. README Source: authomize/log4j-log4shell-affected

Stars

Open Issues

Last Commit

2 years ago

Repository

authomize/log4j-log4shell-affected

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/log4j-log4shell-affected"><img src="https://www.opensourceagenda.com/projects/log4j-log4shell-affected/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022