[SOLVED] Some questions because a new vulnerability named "Log4Shell"


Let me introduce myself, I’m César and I’m use playcanvas for car visualization applications. I’m writing to ask you some questions because a new vulnerability named “Log4Shell” is being touted as one of the worst cybersecurity flaws to have been discovered in the past days.

In regards to software we use from playcanvas, the idea is to be sure that there are no potential vulnerabilities in playcanvas.

Could hep me in the next questions?:

  • What is the latest version of this software?
  • Have you warned about new cybersecurity vulnerabilities these days?
  • Does this software work with Java logging libraries?
  • What is the Java logging library version installed on this application?
  • Does this software establish communication with external servers/domains/services?
  • When was the last update/change implemented on this application?
  • Could you confirm if the software has some potential vulnerabilities?
  • Have you published a response in regards to this?

Thank you.

We don’t use Log4Shell


we reacted to this vulnerability immediately:

  • we don’t use Java in the backend
  • our security team checked our instances for Log4Shell, nothing reported

@yaustar @yak32 Thanks for the info!!