The security vulnerability CVE-2021-44228, https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228 (‘Log4Shell’) is an exploit that takes advantage of java based applications in order to gain privileged access to the machine.
CareAR does not utilize Java in its deployment. As a result, CareAR code is not exploitable by the Log4Shell vulnerability. There is no action required for end users to take for CareAR.
|CareAR Applications||Unaffected - no action required||Java not utilized|
|CareAR Backend||Unaffected - no action required||Java not utilized|
|3rd party libraries||Unaffected - no action required||Java not utilized|
|Sub-processors||Twilio is conducting an assessment of all usages of log4j and if identified as being vulnerable, patching as necessary. See this update for more information.|
To read more about the Log4Shell vulnerability and how this affects Java based deployments please visit: https://logging.apache.org/log4j/2.x/security.html