Log4JPatcher

A java agent to patch the CVE in L4J2

Log4jPatcher

A Java Agent based mitigation for Log4j2 JNDI exploits.

This agent employs 2 patches:

  • Disabling all Lookup conversions (on supported Log4j versions) in org.apache.logging.log4j.core.pattern.MessagePatternConverter by setting noLookups to true in the constructor.
  • Disabling the org.apache.logging.log4j.core.lookup.JndiLookup class by just returning null in its lookup function.

To use

Add -javaagent:Log4jPatcher.jar as a JVM argument.

 

More information on this CVE and it's impact is available at CreeperBlog (creeperhost.net)

The Log4JPatcher Team

GrandArtisan tier frameprofile avatar
  • 31
    Followers
  • 17
    Projects
  • 107.0M
    Downloads

More from Official_CreeperHostView all