Questions tagged [jndi]

Log4shell is making the news. A vulnerability in the widely used logging tool Log4J is putting many servers and even some desktop applications at risk of remote code execution. How does this vulnerability work? What sort of mistake makes it…

If a version of log4j2 is present on a server (say, 2.5 or 2.7) but the JndiLookup class does not exist in any jars, does this mean this specific implementation of log4j2 is not vulnerable to Log4Shell?