Although Java is not directly involved, I think it's noteworthy that Log::Log4perl offers code execution while reading configuration files. This might be an entry point for an attacker, although not as serious as Log4Shell since it requires access to the Log4perl configuration files while Log4Shell requires just lazy or no input validation.

    #!/usr/bin/env perl

    use strict;
    use warnings;
    use Log::Log4perl;

    sub some_quote { qq{I solemnly swear that I am up to no good.\n} };

    #-- this would be the content of a manipulated log4perl configuration file
    my $conf = q(
      #-- this could be the content of a configuration file ...
      log4perl.category.Foo.Bar        = INFO, Screen
      log4perl.appender.Screen         = Log::Log4perl::Appender::Screen
      log4perl.appender.Screen.stderr  = 0
      log4perl.appender.Screen.layout  = \
          sub { \
            print some_quote(); system("date"); \
            return "Log::Log4perl::Layout::SimpleLayout"; \
          }
    );

    ## Log::Log4perl::Config->allow_code(0); #-- would have disabled code execution

    Log::Log4perl::init( \$conf );
    my $logger = Log::Log4perl::get_logger('Foo::Bar');
    $logger->info("Mischief managed.");

Output:

    I solemnly swear that I am up to no good.
    Fri Dec 24 19:33:09 CET 2021
    INFO - Mischief managed.

This feature can be disabled (see FAQ) using:

Log::Log4perl::Config->allow_code(0);


In reply to Re: Log4Shell and Log::Log4perl by Perlbotics
in thread Log4Shell and Log::Log4perl by bliako
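
As an added example (not code from the post above or from the Log::Log4perl project), the following sketch checks a configuration for code-valued properties before loading it and then initialises with allow_code(0). The helper names code_valued_keys and init_without_code and both sample configurations are constructed for illustration, and the check assumes that Log4perl treats a property value beginning with `sub {` as Perl code.

```perl
use strict;
use warnings;
use Log::Log4perl;

# Constructed sample: tampered configuration with a code-valued property.
my $tampered = q(
  log4perl.category.Foo.Bar       = INFO, Screen
  log4perl.appender.Screen        = Log::Log4perl::Appender::Screen
  log4perl.appender.Screen.layout = \
      sub { \
        print "code from the config file ran\n"; \
        return "Log::Log4perl::Layout::SimpleLayout"; \
      }
);
# Constructed sample: the same configuration with a plain class name.
my $clean = q(
  log4perl.category.Foo.Bar       = INFO, Screen
  log4perl.appender.Screen        = Log::Log4perl::Appender::Screen
  log4perl.appender.Screen.layout = Log::Log4perl::Layout::SimpleLayout
);

# Hypothetical helper: keys whose value starts with "sub {" once
# backslash-continued lines are joined. Static check, nothing is evaluated.
sub code_valued_keys {
    my ($text) = @_;
    $text =~ s/\\[ \t]*\r?\n//g;                 # join continuation lines
    my @keys;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*(?:#|$)/;          # skip comments and blank lines
        my ($key, $value) = $line =~ /^\s*([^=\s]+)\s*=\s*(.*)$/ or next;
        push @keys, $key if $value =~ /^sub\s*\{/;
    }
    return @keys;
}

# Hypothetical wrapper: reject code-bearing configs, then initialise with
# allow_code(0) so Log4perl also refuses embedded Perl.
sub init_without_code {
    my ($conf_ref) = @_;
    if (my @keys = code_valued_keys($$conf_ref)) {
        warn "refusing config, Perl code in: @keys\n";
        return 0;
    }
    Log::Log4perl::Config->allow_code(0);
    return eval { Log::Log4perl::init($conf_ref); 1 } ? 1 : 0;
}

print "tampered accepted: ", init_without_code(\$tampered), "\n";
print "clean accepted:    ", init_without_code(\$clean), "\n";
Log::Log4perl::get_logger('Foo::Bar')->info("logging without config code");
```

The static check gives an auditable list of offending keys; allow_code(0) remains the control that actually stops the code from running if the check is bypassed or the config changes later.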
