Apache Log4j security vulnerability

Incident Report for Framer

Resolved

This incident has been resolved.
Posted Dec 24, 2021 - 14:55 CET

Monitoring

Framer is aware of a high-severity security vulnerability in the Apache Log4j logging library. This vulnerability was disclosed on Friday by the Apache Log4j project and is being tracked as CVE-2021-4428 (and dubbed "Log4Shell"). If exploited, this vulnerability could potentially allow a remote attacker to execute arbitrary code on the server.

As soon as the vulnerability was made public on Friday (December 10, 2021), Framer's security team began a thorough audit of their products and cloud infrastructure. It was found that Framer products are not directly impacted, as they don't use Java in their stack. Framer does depend on several AWS services that use Apache Log4j, these have all since been patched.

Framer will continue to monitor the situation closely. If you have any questions or concerns, please reach out to your account manager or Framer Support (support@framer.com)
Posted Dec 14, 2021 - 12:32 CET
This incident affected: App.