Security Information Notice - Log4j 2 vulnerability
Incident Report for Mangopay Api
Update
The analysis to identify potential vulnerabilities on our third-party components is still ongoing.
None has been detected so far.

We will update this status when this analysis will be completed.
Posted Dec 31, 2021 - 15:53 UTC
Monitoring
Following the recent Critical Vulnerability Alert, from the US NIST and the French CERT on 10 December 2021, in the open-source Apache “Log4j 2" library, MANGOPAY has been assessing the impacts of this vulnerability on its systems:

- We can confirm that this vulnerability does not impact our API code exposed to our customers.
- However, some of the tools and pieces of software used internally could be impacted by this vulnerability. We are working with the different providers and software publishers to identify eventual vulnerabilities and roll out patches as soon as available.

As this event is ongoing, we will keep providing regular updates on this API Status thread.

Get to know more about this vulnerability:
In English (US): https://nvd.nist.gov/vuln/detail/CVE-2021-44228
In French: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2021-ALE-022/
Posted Dec 13, 2021 - 18:12 UTC
This incident affects: Production (MANGOPAY Production API).