News
Syft is also able to discern which version of Log4j a Java application contains. The Log4j JAR can be directly included in our project, or it can be hidden away in one of the dependencies we include.
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
One of the challenges of Log4j is its popularity and inclusion in numerous Java libraries. Once you have rooted out the older versions across your own code, it is time to investigate what else you ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback