This article has been indexed from Dark Reading
Over 80% of Java packages stored on Maven Central Repository have log4j as an indirect dependency, with most of them burying the vulnerable version five levels deep, says Google’s Open Source Insights Team.
Read the original article: The Log4j Flaw Will Take Years to be Fully Addressed