- DATE:
- AUTHOR: The SPARK team
Security Update
Summary
As you may be aware, on December 9, 2021, a very serious vulnerability (NVD - CVE-2021-44228, nist.gov) in the popular Java-based logging package Log4j was disclosed. This vulnerability can allow bad actors to carry out a Remote Code Execution (RCE) attack on an affected server.
Investigation and Response
While SPARK does not utilize Log4j in our core platform, due to the severity of the issue our team completed a review of our tools and infrastructure to determine the potential impact of the vulnerability. Based on our investigation, we do not believe the Log4j vulnerability poses any risk to SPARK.
Our security operations team is actively monitoring the situation and we have updated our Intrusion Detection and Prevention monitoring with specific rules to prevent attackers from exploiting this Log4j-specific vulnerability on our systems. We will continue to monitor news, information, and updates from our trusted security partners and take additional recommended action as appropriate.
Contact Information
For future updates on any security-related events, please go to updates.lendwithspark.com and subscribe to the Security Category. If you have any additional questions or concerns, please contact security@lendwithspark.com.