- Yugabyte Platform and CoreDB
On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. More specifically, the vulnerability is a remote code execution vulnerability that can allow an unauthenticated attacker to gain complete access to a target system.
- Additional Information: For more information, please review CVE-2021-44228 and the Apache Log4j2 post.
Yugabyte is aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228). We have assessed the potential impact of the vulnerability on Yugabyte products and services and have confirmed that Yugabyte products and services are not affected.
The Apache Log4j2 utility is a commonly used component for logging requests, but it is not used within Yugabyte products and services. We appreciate your trust and we continue to make your success our top priority.