Log4j: Why is it there? Exploit possible?

 gci -r -fi log4j*

    Verzeichnis: C:\Program Files (x86)\Arduino\lib

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
-a----        03.09.2021     09:53         273454 log4j-api-2.12.0.jar
-a----        03.09.2021     09:53        1667269 log4j-core-2.12.0.jar
PS C:\Program Files (x86)>

We should probably get a release out of the door with version 2.15.x, before somebody finds a way to exploit it. Would it be enough to have the exploit line in code somewhere?

Hi @coocooc Please see this page for all the official information:

1 Like

Thanks for the quick response! Good to hear that a solution is available.