Log4Shell Public Bug Bounty Specials

Log4Shell (CVE-2021-44228) is an RCE 0day in Log4j, a popular Java logging framework. Many companies have put together bug bounty specials for anyone who can demonstrate that they are still vulnerable to Log4Shell.

CompanyBug BountyAmount (USD)Dates
AsanaBugCrowd$25,000Tue Dec 14 2021 no specified date
CoinbaseHackerOne$30,000Wed Dec 15 2021 no specified date
GlassdoorHackerOne$5,000Tue Dec 14 2021 no specified date
HyattHackerOne$25,000Mon Dec 13 2021 Mon Dec 20 2021

Click here for the data in the table as JSON.

If you have any questions or see anything missing from this list, please contact me on Twitter or however else you find me.