In this blog post, I look at Log4j ‘s overloaded Logger.log methods and java.util.logging ‘s overloaded Logger.log methods. The next example is a little contrived, but should suffice.

Amazon Web Services (AWS) has updated the 'detectors' in its CodeGuru Reviewer tool to seek out log injection flaws like the recently disclosed Log4Shell bug in the popular Java logging library ...

The following two code snippets show this for a class specifying its Log4j logger and for a class specifying its java.util.logging logger. Note that there are more characters in these examples ...

It’s the most popular logging framework in the Java ecosystem and is used by millions of applications. “Make no mistake, this is the largest Java vulnerability we have seen in years.