■■■■□ OWASP ZAP Zero-Day due to Log4jpwn.
A vulnerability has been found in Log4j which can result in Remote Code Execution (RCE): CVE-2021-44228 also known as Log4Shell.
ZAP 2.11.0 and the previous weekly and dev versions of ZAP use Log4j 2.14.1 which is known to be vulnerable.
https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/
https://t.me/cKure/10408