Google Cloud recommendations for investigating and responding to the Apache “Log4j 2” vulnerability (CVE-2021-44228)
In this post, we’ll provide recommendations from the Google Cybersecurity Action Team and discuss solutions available to Google Cloud customers and security teams to manage the risk of the Apache “Log4j 2” vulnerability ( CVE-2021-44228 ). Please visit Google Cloud’s advisory page for the latest updates on our assessment of CVE-2021-44228, and the potential impact of the vulnerability for Google Cloud products and services. Background The Apache Log4j 2 utility is an open source Apache framework that is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache [...]