Advisory – Apache Log4J vulnerability

Forward Clinical Ltd, trading as Pando and Juno, was alerted on Saturday 18th December 2021 to a Common Vulnerabilities and Exposures notice (CVE-2021-45105) stating that Apache Log4j2 does not always protect from infinite recursion in lookup evaluation.
This means that Log4j2 is vulnerable to potential Denial of Service attacks.

Forward Clinical Ltd treated this as an emergency/critical issue. We have conducted a full dependency analysis on the Android APKs that our products utilise alongside their transitive dependencies. None of them use Apache Log4j2.
Any Amazon Web Services (AWS) services that use or used Apache Log4j2 will be subject to patching by AWS.
In this respect, we consider that the Pando and Juno services are not vulnerable to this exploitation.