Skip to main content

Security Advisory - Apache Log4j (CVE-2021-44228)

ยท One min read
Matt Fellows
Co-founder @ Pactflow

This security advisory provides customers with an update on how Pactflow services are affected by the Apache Log4j vulnerability (CVE-2021-44228). This vulnerability has been referred to as Log4Shell by some outlets.

What is this vulnerability?#

A Remote Code Execution (RCE) vulnerability was discovered in the popular Java logging library, Log4j. This industry-wide security vulnerability allows for an unauthenticated adversary to execute code on systems that have this library deployed, by providing specific crafted content. This is a serious vulnerability that affects many software products and online services.

How does this vulnerability affect Pactflow?#

Pactflow immediately began investigating its environment to identify any affected systems. After an investigation was completed, it was determined that:

  • The Log4j library is not implemented in any of Pactflow's application services or SDKs;
  • The Log4j library is not used by any of our open source clients (e.g. Pact JVM).

What actions should I take?#

Users of Pact or Pactflow do not need to take any action at this time.

Where can I find more information?#

Additional information on this vulnerability can be found here: