FastSpring incident

CVE-2021-44228: Log4j2 Security Vulnerability

Notice, Resolved

FastSpring experienced a notice incident on December 10, 2021, lasting —. The incident has been resolved; the full update timeline is below.

Started: Dec 10, 2021, 12:00 AM UTC
Resolved: Dec 10, 2021, 12:00 AM UTC
Duration: —
Detected by Pingoru: Dec 10, 2021, 12:00 AM UTC

Update timeline

  1. resolved Dec 13, 2021, 08:35 PM UTC

    FastSpring is actively following the security vulnerability in the Apache foundation's open-source library Log4j2 utility, CVE-2021-44228 (https://nvd.nist.gov/vuln/detail/CVE-2021-44228). The vulnerability could allow attackers to perform remote code execution on applications that use the affected library. The FastSpring team was able to react very quickly to this exploit and has updated all applications to include the latest fix provided by Apache (https://logging.apache.org/log4j/2.x/security.html) on Dec 10. In addition, the team also implemented additional extensive measures in our web application firewall to thwart any malicious traffic that may try to leverage the vulnerability. We will continue to monitor the situation and provide updates as necessary.