This repository was archived by the owner on Dec 10, 2025. It is now read-only.
Issue with a false positive on log4j-1.2-api-2.17.1.jar files #55
Description
Would it be possible to exclude the file log4j-1.2-api-2.17.1.jar as vulnerable to CVE-2021-4104?
I believe it is being flagged because "log4j-1.2" but this file is in the latest version of Log4j,
Here is the output message:
Log4j Found: 'C:\Program Files (x86)*\log4j-1.2-api-2.17.1.jar' ( Manifest Vendor: log4j, Manifest Version: 2.17.1, JNDI Class: NOT Found, Log4j Vendor: log4j-1.2-api, Log4j Version: 2.17.1, CVE Status: Potentially Vulnerable ( CVE-2021-4104: Found ) )
Thanks!,