Lunaray Technology Security Announcement: Be alert to remote code execution breaches in Apache Log4j2.
On December 9, the Lunaray Technology detected that Apache Log4j2 remote code execution breach on the Internet. Log4j2 is a logging framework, which is widely used in business system development to record log information. At present, the exploit PoC has been publicized on the Internet. Because Apache Log4j2 is widely used in middleware, development frameworks and web applications, it has been verified to include but not be limited to such as Apache Struts2, Apache Solr, Apache Druid, Apache Flink, Spring-boot, Dubbo, Kafka, etc. The scope of the breach is extremely immensely. It is recommended that blockchain application teams such as trading platforms, wallets, Defi platforms, and GameFi platforms investigate related breaches as soon as possible to avoid security losses caused by hacker attacks.