-
Statement on Log4Shell (CVE-2021-44228)
Appfigures is aware of CVE-2021-44228 (also called Log4Shell), a vulnerability in a popular Java library. Immediately following the announcement, our teams evaluated our infrastructure and can confirm that Appfigures isn't impacted by this vulnerability. The teams identified one internal application that was using a version of the library that isn't impacted. This application has never been accessible from the public internet, and log analysis shows no unauthorized access. If you have any questions, don't hesitate to contact us directly.
-
Statement on Spring4Shell (CVE-2022-22965)
Appfigures is aware of CVE-2022-22965 (also called Spring4Shell), a vulnerability in a popular Java library. Immediately following the announcement, our teams evaluated our infrastructure and can confirm that we do not use Spring Core Framework in any part of our application stack. The teams identified one non-critical, self-hosted, third-party application we use that is susceptible, and immediately disabled it until the vendor issues an appropriate fix. This application has never been accessible from the public internet, and log analysis shows no unauthorized access. If you have any questions, don't hesitate to contact us directly.