They only had to hand off the string to the log4j logger, not parse it. If they parsed it and bombed, then they short circuited the vulnerability.
3 Likes
They only had to hand off the string to the log4j logger, not parse it. If they parsed it and bombed, then they short circuited the vulnerability.