{"id":15133029,"url":"https://github.com/ncsc-nl/log4shell","last_synced_at":"2025-09-29T02:32:35.646Z","repository":{"id":37862121,"uuid":"437470348","full_name":"NCSC-NL/log4shell","owner":"NCSC-NL","description":"Operational information regarding the log4shell vulnerabilities in the Log4j logging library.","archived":true,"fork":false,"pushed_at":"2022-06-15T23:59:35.000Z","size":8108,"stargazers_count":1895,"open_issues_count":0,"forks_count":605,"subscribers_count":68,"default_branch":"main","last_synced_at":"2024-11-12T03:34:52.678Z","etag":null,"topics":["cve-2021-4104","cve-2021-44228","cve-2021-45046","cve-2021-45105","log4j","log4shell","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NCSC-NL.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-12-12T06:27:24.000Z","updated_at":"2024-11-12T01:00:19.000Z","dependencies_parsed_at":"2022-07-09T03:47:03.103Z","dependency_job_id":null,"html_url":"https://github.com/NCSC-NL/log4shell","commit_stats":null,"previous_names":[],"tags_count":168,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NCSC-NL%2Flog4shell","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NCSC-NL%2Flog4shell/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NCSC-NL%2Flog4shell/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NCSC-NL%2Flog4shell/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NCSC-NL","download_url":"https://codeload.github.com/NCSC-NL/log4shell/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":234583683,"owners_count":18856280,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve-2021-4104","cve-2021-44228","cve-2021-45046","cve-2021-45105","log4j","log4shell","vulnerability"],"created_at":"2024-09-26T04:43:22.678Z","updated_at":"2025-09-29T02:32:29.783Z","avatar_url":"https://github.com/NCSC-NL.png","language":"Python","readme":"# Log4shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-4104, CVE-2021-45105)\n\nThis repo contains operational information regarding the Log4shell vulnerability in the Log4j logging library. \nEspecially CVE-2021-44228 / CVE-2021-45046 and also covers CVE-2021-4104 / CVE-2021-45105. For additional information see:\n\n* [NCSC-NL advisory](https://www.ncsc.nl/actueel/advisory?id=NCSC-2021-1052)\n* [MITRE](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228)\n* [EU CSIRT network members advisories, maintained by ENISA](https://github.com/enisaeu/CNW/tree/main/log4shell)\n* [Log4shell vulnerability overview](https://github.com/NCSC-NL/log4shell/blob/main/log4shell_en.png)\n\nFor affected organisations and CISOs searching for concise mitigation guidance, the [Log4Shell for OES - Full presentation slides for CISOs and techies](https://github.com/NCSC-NL/log4shell/blob/main/detection_mitigation/Log4Shell%20for%20OES.pdf) describes the vulnerability and explains **all steps** necessary to successfully mitigate the vulnerability (**patching is not enough**).\n\n## Repository contents\n\n| Directory                          | Purpose |\n|:-----------------------------------|:--------|\n| [hunting](hunting/README.md)       | Contains info regarding hunting for exploitation |\n| [iocs](iocs/README.md)             | Contains any Indicators of Compromise, such as scanning IPs, etc |\n| [detection \u0026 mitigation](detection_mitigation/README.md)   | Contains info regarding detection and mitigation, such as regexes for detecting scanning activity and more |\n| [scanning](scanning/README.md)     | Contains references to methods and tooling used for scanning for the Log4j vulnerability |\n| [software](software/README.md)     | Contains a list of known vulnerable and not vulnerable software |\n| [tools](tools/README.md)           | Contains a list of tools for automatically parsing info on this repo |\n\n**Please note that these directories are not complete, and are currently being expanded.**\n\n**NCSC-NL has published a HIGH/HIGH advisory for the Log4j vulnerability. Normally we would update the HIGH/HIGH advisory for vulnerable software packages, however due to the extensive amounts of expected updates we have created a list of known vulnerable software in the software directory.**\n\n## Contributions welcome\n\nIf you have any additional information to share relevant to the Log4j vulnerability, please feel free to open a Pull request. New to this? [Read how to contribute in GitHub's documentation](https://docs.github.com/en/repositories/working-with-files/managing-files/editing-files#editing-files-in-another-users-repository).\n\n### Hall of fame\n\nWe would like to thank every single one of you that contributed to our GitHub page.\nNCSC-NL believes the GitHub page is a succes and you made that possible.\nBelow we present a very incomplete list of contributants we consider the repository's hall of fame:\n\n* [ANSSI](https://www.ssi.gouv.fr/en/)\n* [BSI/CERT-Bund](https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/cert-bund_node.html)\n* [CERT-EU](https://cert.europa.eu/cert/plainedition/en/cert_about.html)\n* [Cybersecurity \u0026 Infrastructure Security Agency CISA](https://www.cisa.gov/about-cisa)\n* [DCSC](https://www.defensie.nl/onderwerpen/cyber-security/dcsc)\n* [SURFcert](https://wiki.surfnet.nl/pages/viewpage.action?pageId=11063492)\n* [SK-CERT](https://www.sk-cert.sk/en/about-us/index.html)\n* [Z-CERT](https://www.z-cert.nl/)\n\n* @DFFSpace\n* @tintinhamans\n* @milankowww\n* @MrSeccubus\n* @Goldshop\n* @RemkoSikkema\n* @MetzieNL\n* @RobinFlikkema\n* @lucasjellema\n* @iglocska\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fncsc-nl%2Flog4shell","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fncsc-nl%2Flog4shell","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fncsc-nl%2Flog4shell/lists"}