Log4Shell: RCE 0-day exploit in Java applications

Log4Shell: RCE 0-day exploit in Java applications

2021-12-20
  1. Orbit does not utilize Log4J or any tools vulnerable to https://nvd.nist.gov/vuln/detail/CVE-2021-45105
  2. WPEngine's platform does not make use of log4j in any way, which entails they are not impacted by the vulnerability at all
  3. Pantheon completed an audit and remediation https://status.pantheon.io/incidents/4218hmf57plg and continues to monitor their platform. https://status.pantheon.io/incidents/cnw7qwxy20rv

2021-12-13
We are gathering information about the “Log4J Shell” vulnerability, if and how it affects any of our websites, and what our next steps are.  

We understand that it exploits a technology not directly used by Orbit websites, but could be used on hosting providers infrastructure environments.
We are awaiting more information from our hosting partners to determine if we need to take any action.

We'll keep update this article with more information.


Sincerely,
Orbit Media Studios