Log4shell And Endemic Vulnerabilities in Open-Source Libraries

The recent disclosure of a series of vulnerabilities in log4j, and their subsequent widespread exploitation, led to many frantic weeks as cybersecurity researchers and defenders sought to stem attacks using this vulnerability... The number of impacted products, coupled with challenges in applying fixes, mean the log4j vulnerability (known as log4shell) will remain in the global software ecosystem for a long time.