Do you have insecure Log4j versions in your code?

 

The recently published critical vulnerability in Apache’s widely popular Log4j Java library (CVE-2021-44228) has sent software development outfits into a tailspin, and additional fix-related CVEs are piling up. 


As is often the case with open source dependencies, Log4j is ubiquitous across open source and third-party applications, meaning that the vulnerable library is most probably used by many applications in your codebase.

Is your codebase vulnerable?

WhiteSource Log4j Detect is a free CLI tool that quickly scans your projects to find vulnerable Log4j versions and provides the exact path to each one, for both direct and indirect dependencies, along with the fixed version for speedy remediation.