Study of the Most Critical Security Vulnerability of the Decade: Log4Shell

Traceability is one of the crucial features of a software application. Logging is considered one of the essential features supported by any software. Logging helps debug the faults in the software by executing the erroneous flows in the software. Log4j2 is a prevalent Opensource Logging Framework created and maintained by Apache Foundation. Several popular Java-based software applications depend on the Log4j2 library for effective logging. Logging being a non-critical and nonfunctional software requirement, the industry was not expecting a Critical security vulnerability. Different security researchers discovered five security vulnerabilities. Most of them are dangerous and actively exploited vulnerabilities. Attackers actively exploit some of these vulnerabilities. This paper discusses the security vulnerabilities found in Log4j2 in 2021, popularly known as Log4Shell. The article also suggests techniques to avoid such security risks.