News
There are 17,000 unpatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
Syft is also able to discern which version of Log4j a Java application contains. The Log4j JAR can be directly included in our project, or it can be hidden away in one of the dependencies we include.
One of the challenges of Log4j is its popularity and inclusion in numerous Java libraries. Once you have rooted out the older versions across your own code, it is time to investigate what else you ...
Even worse, in the case of Log4j, it may be extremely hard for even security professionals to understand whether this code is part of their applications and thus a potential risk. Like much open ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results
Feedback