Twitter Web App : So, uh, you know that log4j vulnerability that allows a malicious actor to perform arbitrary code execution as long as they're able to log a message using a particular version of a Java library.

This attack vector is going to be around forever unless we block JNDI lookups.


Twitter Web App : performing remote code execution in Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104). This attack can be achieved in HTTP request ARGS Value, URL, Cookies, Header Fields.

Matched pattern: