VPCart and Log4j Vulnerability

Friday, December 17, 2021

On December 10, 2021, the National Institute of Standards and Technology (NIST) announced a new vulnerability (CVE-2021-44228) in the Apache Log4j library.


What is Log4j?

Log4j is a logging library created by Apache. A log is a message, the contents of a variable, or anything else related to the program.

Most programmers have written something like System.out.println("enter function xxx"); at some point. Log4j serves the same purpose.

The Apache Log4j utility is a commonly used component for logging requests.


Attackers can trick Log4j into running malicious code by getting it to save a log entry that includes a specially crafted string of text.

How attackers do this varies from program to program. In the Minecraft case, it was done through the chat box.

A log entry is created to archive each message, so if a string of malicious text is sent from one user to another, that text is embedded into the log.

This vulnerability could allow systems running Apache Log4j version 2.14.1 or lower to be compromised and allow arbitrary code to be executed.
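
As an added example (not part of the original post and not VPCart's own code), the following Python inventory check applies the version threshold stated above to a directory tree, including jars bundled inside WAR, EAR, ZIP, or other JAR files. It assumes jars keep the standard Maven file name log4j-core-<version>.jar; the function names are illustrative.

```python
import io
import re
import zipfile
from pathlib import Path

LAST_AFFECTED = (2, 14, 1)  # threshold stated in the text: 2.14.1 or lower
ARCHIVES = (".jar", ".war", ".ear", ".zip")
MAX_NESTED = 256 * 1024 * 1024  # skip oversized nested entries (zip-bomb guard)
# Assumption: jars keep the standard Maven name log4j-core-<version>.jar.
JAR_NAME = re.compile(r"(?:^|/)log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")


def affected_version(name):
    """Return 'x.y.z' if name is a log4j-core jar at or below 2.14.1, else None."""
    m = JAR_NAME.search(name.replace("\\", "/"))
    if not m:
        return None
    version = tuple(int(part or 0) for part in m.groups())
    return ".".join(map(str, version)) if version <= LAST_AFFECTED else None


def scan_archive(data, label, depth=3):
    """Yield (location, version) for affected jars nested inside an archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    for info in zf.infolist():
        where = f"{label}!{info.filename}"
        version = affected_version(info.filename)
        if version:
            yield where, version
        elif (depth > 0 and info.file_size <= MAX_NESTED
              and info.filename.lower().endswith(ARCHIVES)):
            yield from scan_archive(zf.read(info), where, depth - 1)


def scan_tree(root):
    """Return sorted (location, version) findings for every file under root."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        version = affected_version(path.name)
        if version:
            findings.append((str(path), version))
        elif path.suffix.lower() in ARCHIVES:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return sorted(findings)
```

Call scan_tree() on an application or installation directory; an empty result means no jar with that file name pattern and an affected version was found, not that a renamed or repackaged copy is absent.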


Is VPCart secure from Log4j?

VPCart Hosting and Software are 100% secure from this vulnerability. Our servers are Windows and do not run Apache.

Once again, VPCart Hosting and Software are not using the version of Log4j affected by the CVE-2021-44228 vulnerability.



