You have probably already heard that “log4j”, a standard logging library for Java, is currently exposed to attacks. This vulnerability may allow attackers to execute malicious code on your system. Magento is based on PHP and is therefore not itself affected by this vulnerability.
However, other software you use alongside Magento may be vulnerable. Typically this concerns the search function of Magento 1, where the standard search may have been replaced by a specialized and much faster search engine such as Elasticsearch or Solr. Both are Java applications. Likewise, logging services that archive error messages may be affected. You should urgently ensure that the versions you are running are no longer affected by this vulnerability.
As soon as we have new information about this vulnerability and affected software, we will inform you again in a newsletter.
If you want your Magento 1 store to stay secure, you should consider our patch service for security and compatibility.