Exploit for Improper Input Validation in Apache Log4J CVE-2021-44228

Name: Exploit for Improper Input Validation in Apache Log4J CVE-2021-44228
Rating: 5 (214 reviews)

2021-12-10 | CVSS 9.3

## https://sploitus.com/exploit?id=7B9BDDBA-81E8-5739-B3F7-419C0D6E2316
# Patch pulsar images with Apache Log4J 2.17.1 upgrade

Covers [CVE-2021-44228](https://vulners.com/cve/CVE-2021-44228), [CVE-2021-45046](https://vulners.com/cve/CVE-2021-45046), [CVE-2021-45105](https://vulners.com/cve/CVE-2021-45105) [CVE-2021-44832](https://vulners.com/cve/CVE-2021-44832)

See [Log4J Security Vulnerabilities and upgrades](https://logging.apache.org/log4j/2.x/security.html) for more information.


see the [Dockerfile](Dockerfile) for the solution

## Building and pushing patched docker images

example usage:
```
# build and tag image
docker build --build-arg=ORIGINAL_IMAGE=apachepulsar/pulsar-all:2.8.1 . -t lhotari/pulsar-all:2.8.1-log4j-patched
# verify
docker run --rm -it lhotari/pulsar-all:2.8.1-log4j-patched bash -c 'ls /pulsar/lib' | grep log4j
# push image
docker push lhotari/pulsar-all:2.8.1-log4j-patched
```