Apache Log4j remained at the center of a major software supply chain security crisis after Log4Shell (CVE-2021-44228) exposed Java applications to remote code execution through crafted requests that could force vulnerable systems to retrieve and run attacker-controlled payloads. The flaw affected Log4j 2.0-beta9 through 2.14.1, was reported as easy to exploit, and was observed in widespread attacks across enterprise networks, prompting urgent calls to identify exposed assets and apply vendor fixes or mitigations.
Remediation proved more complex as Apache issued updates and additional Log4j vulnerabilities emerged, including CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832, raising concerns that patching alone would not address prior compromise or attacker persistence. Organizations were pushed to combine software updates with threat hunting and incident response, while defenders also relied on community tracking of affected products through resources such as CISA's log4j-affected-db, which has since been archived as read-only.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
The cisagov/log4j-affected-db GitHub repository was archived and made read-only, ending active updates to the community-sourced list of Log4j-affected software.
After the Log4j 2.15.0 release, subsequent vulnerabilities CVE-2021-45046, CVE-2021-45105, and CVE-2021-44832 were introduced or revealed, showing the initial remediation was incomplete.
By December 13, reporting described CVE-2021-44228 as a critical zero-day affecting Log4j 2.0-beta9 through 2.14.1 and said it was being actively exploited against vulnerable systems at scale. The same reporting cited Check Point Software's observation of exploit attempts on more than 31.5% of corporate networks globally.
Apache released Log4j version 2.15.0 on December 10 to fix the remote code execution vulnerability CVE-2021-44228 (Log4Shell).
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
logging.apache.org
Open sourcecve.mitre.org
Open sourcemitiga.io
Open sourcemitiga.io
Open sourcemitiga.io
Open sourcegithub.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.