Scroll Viewport is no longer vulnerable to this attack.
Scroll Viewport for Confluence Cloud was affected by CVE-2021-44228 before December 10th, 2021.
The severity level of this issue was critical, because it could have been used to remotely execute code (RCE) using the permissions of the application.
No actions are required from customers as updates have automatically been applied to our Cloud apps.
Detailed description of the vulnerability
The usage of the vulnerable log4j 2 dependency may have allowed a malicious actor to use crafted requests to inject their own code into the process of the Scroll Viewport for Confluence Cloud app.
We've rated this bug with a CVSS score of 9.8 (Critical) (see also Common Vulnerability Scoring System Version 3.0 Calculator) and updated our Cloud app on Friday, 10th of December 2021, 12 pm CET.
Other improvements: More accessible keyboard navigation
The release also improves the keyboard navigation for the page tree on article pages.
Your visitors can now skip the navigation and set the focus right into the content of the article. This makes the help center overall a little more accessible on desktop devices.