# snyk log4shell -- find Log4Shell vulnerability

## Usage

`snyk log4shell`

## Description

The `snyk log4shell` command finds traces of the Log4J library that are affected by the Log4Shell vulnerability [CVE-2021-44228](https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHELOGGINGLOG4J-2314720), even if this library is not declared in the manifest files (such as pom.xml or build.gradle).

## Managed projects

To test Java projects using their package manager manifest files, see [Snyk for Java (Gradle, Maven)](https://docs.snyk.io/products/snyk-open-source/language-and-package-manager-support/snyk-for-java-gradle-maven).

For information about `snyk test --scan-all-unmanaged`, see the Maven options section of the [CLI reference](https://docs.snyk.io/features/snyk-cli/cli-reference).

## Exit codes

Possible exit codes and their meaning:

**0**: success, Log4Shell not found<br />
**1**: action_needed, Log4Shell found<br />
**2**: failure, try to re-run command<br />

## Debug

Use the `-d` option to output the debug logs.