Tools for remediating the recent log4j2 RCE vulnerability (CVE-2021-44228)
log4j-remediation-tools
Tools for finding and reproducing the CVE-2021-44228
log4j2
vulnerability
find-vulnerabilities
: determine heuristically whether a running JVM is vulnerableconfirm-vulnerabilities
: determine with 100% accuracy whether a running JVM is vulnerableBoth of these tools scan all running JVM processes on a machine, and produce a CSV report about which processes may be / are vulnerable.
Check out the corresponding READMEs for find-vulnerabilities/
and confirm-vulnerabilities/
for usage details.
Here are a few tradeoffs to help you determine which tool is right for your use case:
find-vulnerabilities
is low-risk to run, but has the possibility of missing:
log4j2
confirm-vulnerabilities
uses the JVM Attach API which:
This project welcomes feedback and contributions; however, we might be slow to respond to or triage your requests. We appreciate your patience.
This project uses the MIT license.
This project has adopted the Stripe Code of conduct.