More info: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
2.16.0 fixes that vulnerability, so just needs everything you just patched to be patched again
Yup. Or you go for a solid WAF/Loadbalancer rule that picks up the exploit traffic in the request and blocks it. Or you take it off the internet. Or…
Good news! The DoS in Log4j 2.15.0 that was a CVSS 3.7 got raised to a CVSS 9.0 overnight because researchers found a way to execute arbitrary code on the fixed version.
Mac users: It can be done remotely.
Everyone else: Local only at this time.
Hilarious fun.
The DoS in Log4j 2.15.0 that was a CVSS 3.7 got raised to a CVSS 9.0 overnight
Can't find anywhere saying it was raised to a 9, have you got a link to it?
The NIST database still has it as a 3.7.