As you may have heard, there’s a major security vulnerability floating around right now called Log4Shell. If not, let’s get you up to speed.
Log4Shell is a critical software vulnerability that is sweeping across millions of platforms. By utilizing a security flaw in Apache Log4J, an attacker is able to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.
Although new software vulnerabilities are discovered every day, what makes Log4Shell stand out is Log4J’s wide adoption, coupled with the high severity and the level of difficulty involved with identifying vulnerable systems.
TL;DR: it’s a big deal.
How is Pagely Affected?
An important part of Pagely’s security posture is to ensure that all of our systems are well documented, making it quite easy to determine if anything in our stack is vulnerable. Thanks to strict documentation practices, as well as additional security hardening and penetration testing, we’re confident that Pagely customers have not been impacted by the Log4Shell/Log4J vulnerability.
We recommend keeping up with information about this vulnerability, as there’s a reasonable chance that other services that you are using be using could be vulnerable. For more information, see this detailed list of software affected by the Log4Shell exploit.
For further information on how the vulnerability can be exploited, see also CVE-2021-44228.
As always, if we become aware of any additional concerns that arise from this vulnerability, we’ll provide further updates as necessary.