ConsenSys response to Log4J Vulnerability
As you have seen in international media coverage, a critical software vulnerability alert has been raised for the log4j software library vulnerability, a component widely used across internet infrastructure, including solutions and source code developed and used by ConsenSys.
Log4j is a critical vulnerability as it allows an attacker to execute remotely on target computers and servers, and it is being actively exploited. The main challenge for the international security community is to find and update vulnerable log4j instances in complex environments, before the attackers do.
In response to this critical alert, ConsenSys’ updated its log4J instances included in open source code stored in our public Git repository, internal solutions and cloud services. We are actively scanning our environment to make sure we leave no stone unturned.
We’ll continue to update this blog post as we have new information to share or if any additional steps need to be taken.