Comment on page



snyk log4shell


The snyk log4shell command finds traces of the Log4J library that are affected by the Log4Shell vulnerability CVE-2021-44228
The command finds traces of the Log4J library even if it is not declared in the manifest files (such as pom.xml or build.gradle).

Managed projects

To test for Log4Shell vulnerabilities in Java projects using their package manager manifest files, use the snyk test command. See the test command help (snyk test --help) and Snyk for Java and Kotlin
To test unmanaged files, use snyk test --scan-all-unmanaged
See the Maven options section of the test command help; snyk test --help

Exit codes

Possible exit codes and their meaning:
0: success (scan completed), Log4Shell not found 1: action_needed (scan completed), Log4Shell found 2: failure, try to re-run the command. Use -d to output the debug logs.


Use the -d option to output the debug logs.
Last modified 1mo ago