OSS Remediation — Manual Triage Required
Component: log4j:log4j
Vulnerable version: 1.2.17
Recommended version: UNKNOWN — check Trivy FixedVersion
Severity: CRITICAL
CVEs: CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2021-4104, CVE-2022-23302, CVE-2023-26464, GHSA-2qrg-x229-3v8q, GHSA-65fg-84f6-3jq3, GHSA-fp5r-v3w9-4333, GHSA-w9p3-5cr8-m3jj, GHSA-f7vh-qwp3-x37m, GHSA-vp98-w2p3-mv35
Why the agent skipped this
Bucket 1 — No fix path available
No safe version identified for log4j:log4j. Scanner reported: 'UNKNOWN — check Trivy FixedVersion'. Manual triage required.
Next steps
- Review the CVEs linked above and confirm the recommended version is correct.
- Assess the migration complexity manually.
- Apply the fix in a dedicated branch and verify CI passes.
- Close this issue once the PR is merged.
Opened automatically by the OSS Remediation Agent (bucket 1).
Assign to the relevant team for prioritisation.
OSS Remediation — Manual Triage Required
Component:
log4j:log4jVulnerable version:
1.2.17Recommended version:
UNKNOWN — check Trivy FixedVersionSeverity: CRITICAL
CVEs: CVE-2019-17571, CVE-2022-23305, CVE-2022-23307, CVE-2021-4104, CVE-2022-23302, CVE-2023-26464, GHSA-2qrg-x229-3v8q, GHSA-65fg-84f6-3jq3, GHSA-fp5r-v3w9-4333, GHSA-w9p3-5cr8-m3jj, GHSA-f7vh-qwp3-x37m, GHSA-vp98-w2p3-mv35
Why the agent skipped this
Bucket 1 — No fix path available
No safe version identified for log4j:log4j. Scanner reported: 'UNKNOWN — check Trivy FixedVersion'. Manual triage required.
Next steps