Paula Gentle on Friendica
December 20, 2021 7:07pm

Um - #Log4Shell via #Javascript #WebSocket on the #Client - should I have waited until tomorrow morning to read this? I'm not yet sure about the actual potential. Does that really work?!?

https://www.blumira.com/analysis-log4shell-local-trigger/

#security #log4j #rce #PandoraBox

An Analysis of The Log4Shell Alternative Local Trigger
Blumira’s security team discovered the potential for an alternative attack vector in the Log4j vulnerability, which relies on a Javascript WebSocket connection to trigger the RCE on internal and locally exposed unpatched Log4j applications.