Can 'log4js' be a security threat too ??

[gigglegirl]

Recently log4j a java logging library has been reported as zero day vulnerability security threat. Can 'log4js' a node logging framework be a security threat too. ?? If yes , My node application is using 'karma' as a devdependency and 'log4js' is a nested dependency inside karma. Can this pose any security threat to my application. If yes how can I mitigate this ??? I am using karma to run test cases locally.

[boom-dev]

CVE-2021-44228 issue had discuss in closed issue - #1107

[gigglegirl]

I wanted to know about 'log4js' not 'log4j'. My application is using log4js: '^6.3.0' inside karma version '6.3.9'

[ToobzIO]

I'm interested in this as well - karma shouldn't be deployed in your production packages, but I am still curious if this vulnerability affects the latest karma package.

[ArmandFrvr]

Looks like this was addressed here: #1105