New Log4j Attack Vector Discovered
Threat actors may trigger the Log4j RCE flaw on internal or locally exposed applications through a JavaScript WebSocket connection, a risk made worse by a third vulnerability in the logging framework. Blumira’s CTO, Matthew Warner, highlighted the implications of a vulnerable Log4j version hosted on a local private network or machine. In response to the vulnerabilities, the Apache Foundation issued three updates to the logging framework, urging organisations to patch local development and internal servers.