CVE-2019-17571 affecting SJC
pmonks opened this issue · comments
Peter Monks commented
CVE-2019-17571 has been raised against log4j v1.2.17.
Although it's not a direct dependency, SJC transitively depends on log4j v1.2.17 via slf4j-log4j12 v1.7.21.