Storyblok's response to Log4j exploit

This notification is to provide details on Storyblok’s response to the high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility.

Context

A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j 2 utility was disclosed publicly via the project’s GitHub on December 9, 2021. The vulnerability impacts Apache Log4j 2 versions 2.0 to 2.14.1.

Implications

Storyblok’s APIs do not use Java, and therefore we are not directly affected by the vulnerability within our systems. We identified one service (a server monitoring tool) that uses a Log4j version within the affected range and applied the necessary patches immediately. This service does not have access to any customer data, nor does it have access levels that would cause it to be identified as a risk.