Log4J vulnerability CVE-2021-44228
Hello,
Could you please confirm whether the recently found Log4j vulnerability is in anyway impactful to Cloudinary in any of its implementation, and if so - what versions are affected, in what way, and what would be the mitigating steps you recommend to your customers?
thanks
Tom
-
Hi Tom,
Thanks for reaching out.
We fully understand your concern around this new, critical level, Log4j vulnerability. Especially as it was categorized as Critical with a CVSS score of 10 (the highest score possible).
Our security and operations teams immediately (Friday, Dec.10, 2021) reviewed all of our services and interfaces in order to map potential exposures.
Our team managed to successfully validate that currently, we’re not aware of any potential exposure for this specific vulnerability.In general, we believe in proactive security operations, meaning, we’ll keep evaluating the situation in order to verify we proactively mitigate potential related risks going forward.
Regards,
Victor
Please sign in to leave a comment.
Comments
1 comment