On December 9, 2021, a major vulnerability was disclosed in Log4j, a Java-based logging library from the Apache Software Foundation. It is now regarded as one of the biggest cybersecurity weaknesses, as it has put millions of devices at risk. Also known as Log4Shell or CVE-2021-44228, this vulnerability has impacted a wide range of platforms, such as Apple, Amazon, Twitter, Minecraft, and many others.
Neutrinos, encompassing its Low-Code Platform, extensions, and dependencies, is safe from this vulnerability because Neutrinos does not use the log4j version 2 core library. The platform is not impacted, as it uses Winston for logging. Neutrinos experts have also evaluated everything on the platform after the vulnerability disclosure and have confirmed that there is no impact on any Neutrinos solutions. This evaluation excludes any external components that the platform integrates with, such as Jenkins or Kubernetes.
The Neutrinos Platform is secure from the Apache Log4j Vulnerability.
There are many questions about this vulnerability and its impact on cybersecurity. Please find the answers to most of these important questions below.
1. What is Log4j?
It is a popular open-source logging library developed by Apache and used by applications worldwide, such as Amazon, Minecraft, and Apple iCloud, among many others. This library is also used by several government entities. A logging library allows developers to view all activities of an application.
2. What is this vulnerability or flaw in Log4j called?
The vulnerability is called Log4Shell. Its CVE ID is CVE-2021-44228. The CVE number is a unique number given to each discovered vulnerability across the world.
3. Is Log4j susceptible to the Log4Shell vulnerability?
Yes. The Log4Shell vulnerability affects all versions of Log4j, starting with 2.0-beta9 and ending with 2.14.1. It’s a critical flaw that necessitates immediate attention.
4. How does the Log4Shell vulnerability impact cybersecurity?
This vulnerability allows attackers to gain uncontrolled access to Java-based web servers and trigger remote code execution (RCE) attacks on computer systems. Cybersecurity researchers believe that all applications, platforms, or devices that use Log4j are a potential target due to this vulnerability.
5. Is the Log4Shell vulnerability a serious concern?
Yes. The cybersecurity firm LunaSec states that this library is “ubiquitous” across applications, and that the exploit grants complete server control and is simple to execute. According to LunaSec, it will most likely affect Apple’s iCloud and the online gaming provider Steam. Check Point, another cybersecurity firm, believes this issue “may be exploited either over HTTP or HTTPS (the encrypted version of browsing).” Meanwhile, the Cyber Emergency Response Team (CERT) of New Zealand has issued a statement claiming that the vulnerability may give an attacker complete control of the compromised server and that it is being “actively exploited in the wild.” This vulnerability can be exploited by cybercriminals for nefarious activities.
6. Is there a fix to this vulnerability?
Apache has rolled out a new update, Log4j 2.16.0, to resolve this issue. Apache recommends that all platforms and apps using Log4j upgrade to this version to fix the vulnerability. This upgrade disables the JNDI functionality by default and removes support for the message lookup pattern.
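An inventory check built on the version range from question 3 and the fix version from question 6, as an added example that is not part of the original statement or of Neutrinos code. The jar-name pattern, the status labels and the sample paths are assumptions made for illustration.

```python
import re

# Bounds taken from the FAQ text: affected 2.0-beta9 .. 2.14.1, recommended 2.16.0.
FIRST_AFFECTED, LAST_AFFECTED, RECOMMENDED = "2.0-beta9", "2.14.1", "2.16.0"

# Assumed naming convention: log4j-core-<version>.jar (log4j-api and 1.x jars are skipped).
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
_STAGE = {"alpha": 0, "beta": 1, "rc": 2}  # pre-releases sort before the final release (3)

def version_key(version):
    """Turn '2.0-beta9' or '2.14.1' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?", version.lower())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad so 2.0 compares equal to 2.0.0
    stage = (_STAGE[m.group(2)], int(m.group(3))) if m.group(2) else (3, 0)
    return tuple(nums), stage

def classify(version):
    """Label a log4j-core version against the range and fix version stated above."""
    key = version_key(version)
    if version_key(FIRST_AFFECTED) <= key <= version_key(LAST_AFFECTED):
        return "affected"
    if key < version_key(RECOMMENDED):
        return "below-recommended"  # outside the stated range, still older than 2.16.0
    return "ok"

def scan(paths):
    """Return {path: (version, status)} for every log4j-core jar found in paths."""
    findings = {}
    for path in paths:
        m = JAR_RE.search(path)
        if m:
            findings[path] = (m.group(1), classify(m.group(1)))
    return findings

# Constructed sample inventory (for instance the output of a jar file search), not real hosts.
SAMPLE = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/legacy/lib/log4j-core-2.0-beta9.jar",
    "/srv/svc/lib/log4j-core-2.15.0.jar",
    "/srv/new/lib/log4j-core-2.16.0.jar",
    "/srv/new/lib/log4j-api-2.16.0.jar",
    "/opt/node/node_modules/winston/package.json",
]

if __name__ == "__main__":
    for path, (version, status) in scan(SAMPLE).items():
        print(f"{status:18} {version:10} {path}")
```

The check matches on file names only, so a copy of log4j-core bundled inside another archive (a fat or shaded jar) will not be reported and needs a content-level scan.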
7. What services or apps are impacted by Log4Shell?
LunaSec states that services such as Minecraft, gaming service Steam, and Apple iCloud are among the many impacted. GitHub states that Amazon, Apple, Twitter, Tencent, Baidu, Tesla, Google, WebEx, LinkedIn, CloudFlare, NetEase, and many more companies are impacted by this vulnerability. Check Point states that the open-source Apache Log4j library has had over 400,000 downloads from its GitHub repository.
8. If I am using the Neutrinos Platform, are my apps safe from this vulnerability?
Definitely yes! As the Neutrinos Platform uses Winston for logging and not Log4j, solutions created on the Neutrinos Platform are not impacted by the Log4Shell vulnerability.
If you have more questions on this vulnerability or want more information on how secure the Neutrinos Platform is, please contact us. We would be happy to answer your queries, and also show you how your apps will be protected from this vulnerability on the Neutrinos Platform.