What is the vulnerability about?
A very popular logging library widely used by many software providers was found to have a critical severity vulnerability. The vulnerability was ranked critical because it could lead to Remote Command Execution and/or the leaking of sensitive server-side data. This vulnerability was weaponized quickly by bad actors, and by December 10, 2021, it was being exploited across the internet.
What has Bench done about this?
This vulnerability was publicly disclosed on December 9th, 2021. We became aware of it on December 10th, 2021. Bench took action immediately by kicking off an audit of our app, infrastructure, and our software vendors, to determine potential impact. Our exposure to the vulnerability has been minimal, and we are confident that we have patched or mitigated all instances of this vulnerability in our environment.
No known attack has been launched against Bench. But as always, we are actively monitoring and scanning for any suspicious activity. We continue to work with our service providers to understand any remediation required from or by them.
If you have questions or concerns, you can contact us by emailing email@example.com.