From helpnetsecurity.com
When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has seen in her decades-long career and that it could take years to address.
It’s true: the flaw is remotely exploitable by unskilled attackers and vulnerable versions of the open-source library are seemingly ubiquitous – and are still being downloaded and used.
Attackers have been trying to exploit the vulnerability to compromise systems around the world to deliver cryptominers and ransomware or to establish persistent access for a future attack.