Environment
- Yugabyte Platform and CoreDB
Issue
On December 10, 2021, NIST published a critical Common Vulnerabilities and Exposure alert, CVE-2021-44228. More specifically, the vulnerability is a remote code execution vulnerability that can allow an unauthenticated attacker to gain complete access to a target system.
- Additional Information: For more information, please review CVE-2021-44228 and the Apache Log4j2 post.
Resolution
Overview
Yugabyte is aware of the recently disclosed Apache Log4j2 vulnerability (CVE-2021-44228). We have assessed the potential impact of the vulnerability on Yugabyte products and services and have confirmed that Yugabyte products and services are not affected.
The Apache Log4j2 utility is a commonly used component for logging requests, but it is not used within Yugabyte products and services. We appreciate your trust and we continue to make your success our top priority.
Comments
0 comments
Please sign in to leave a comment.