Log4J vulnerability CVE-2021-44228

Follow
Avatar
tomasz bienko

Hello,

 

Could you please confirm whether the recently found Log4j vulnerability is in anyway impactful to Cloudinary in any of its implementation, and if so - what versions are affected, in what way, and what would be the mitigating steps you recommend to your customers? 

 

thanks

Tom

0

Comments

1 comment

Sort by Date Votes
  • Avatar
    Victor Li

    Hi Tom,

    Thanks for reaching out.

    We fully understand your concern around this new, critical level, Log4j vulnerability. Especially as it was categorized as Critical with a CVSS score of 10 (the highest score possible).

    Our security and operations teams immediately (Friday, Dec.10, 2021) reviewed all of our services and interfaces in order to map potential exposures.
    Our team managed to successfully validate that currently, we’re not aware of any potential exposure for this specific vulnerability.

    In general, we believe in proactive security operations, meaning, we’ll keep evaluating the situation in order to verify we proactively mitigate potential related risks going forward.

    Regards,
    Victor

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post