## https://sploitus.com/exploit?id=EFEB6300-5E40-5922-B25F-5D565002E9BC
# log4j-vuln-demo
**Intentionally vulnerable demo image for Sysdig CNAPP scanning and remediation testing.**
Contains Log4j 2.14.1 โ vulnerable to [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228) (Log4Shell, CVSS 10.0 Critical).
## Purpose
This repo exists to demonstrate Sysdig's end-to-end CNAPP workflow:
1. `/sysdig-investigate` โ surfaces the vulnerable image and ranks it for remediation
2. `/sysdig-remediate` โ resolves a safe fix version (2.15.0+) and opens a PR
## Fix
Bump `log4j-core` and `log4j-api` to **2.17.1** or later in `pom.xml`.
## Image
```
ghcr.io/aaronm-sysdig/log4j-vuln-demo:latest
```