The security vulnerability CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228 (‘Log4Shell’) is an exploit that takes advantage of java based applications in order to gain privileged access to the machine.
CareAR does not utilize Java in its deployment. As a result, CareAR code is not exploitable by the Log4Shell vulnerability. There is no action required for end users to take for CareAR.
Platform | Log4Shell Status | Reason |
CareAR Applications | Unaffected - no action required | Java not utilized |
CareAR Backend | Unaffected - no action required | Java not utilized |
3rd party libraries | Unaffected - no action required | Java not utilized |
Sub-processors | Twilio is conducting an assessment of all usages of log4j and if identified as being vulnerable, patching as necessary. See this update for more information. | Twilio has fully remediated the Log4j vulnerability. |
To read more about the Log4Shell vulnerability and how this affects Java based deployments please visit: https://logging.apache.org/log4j/2.x/security.html