high

Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

Published Tue, Apr 19th, 2022
Platforms

Summary

AWS's hotpatches for Log4shell worked as intended but introduced new container escape vulnerabilities.

Affected Services

N/A

Remediation

None required

Tracked CVEs

CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071

References

Entry Status
Finalized
Disclosure Date
Tue, Dec 14th, 2021
Exploitablity Period
-
Known ITW Exploitation
-
Detection Methods
-
Piercing Index Rating
-
Discovered by
Yuval Avrahami, Palo Alto