Does anyone know the details of how this got discovered and released? It definit... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

mcintyre1994 on Dec 10, 2021 | parent | context | favorite | on: Log4j RCE Found

Does anyone know the details of how this got discovered and released? It definitely doesn’t sound like a normal responsible disclosure process if it was discovered a few hours before this post. Was it spotted being abused?

dontchooseanick on Dec 11, 2021 [–]

See the reddit netsec thread [0] . There is evidence of attackers having the exploit since April 2021, thus the disclosure.

> Was it spotted being abused.

No, not at 2021-12-10 AFAIK, just spotted being spread.

[0] https://reddit.com/r/netsec/comments/rcwws9/rce_0day_exploit...

Consider applying for YC's Spring batch! Applications are open till Feb 11.
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact