|
|
|
|
|
|
by nonameiguess
1657 days ago
|
|
|
It's used by Elasticsearch, so possible you could exploit the log aggregation service even if the app-level logging library isn't vulnerable, but you'd need a way to make sure the first-level logging doesn't interpret the format string. |
|
|