|
|
|
|
|
|
by lrngjcb
1653 days ago
|
|
|
Hindsight is 20/20, but with a hook on javax.naming.Context#lookup and a generally useful improvement to the Map instrumentation, Jazzer reliably finds #log4j CVE-2021-44228 in ~5 min with a one-line fuzz target:
log.error(data.consumeRemainingAsString()); https://github.com/CodeIntelligenceTesting/jazzer/pull/257 |
|
|