Severity: Critical
CVSS Score: 10
Versions of npm-groovy-lint prior to 9.1.0 bundle vulnerable versions of the Log4j library which are subject to remote code execution via jndi rendering. As a result npm-groovy-lint prior to 9.1.0 is also vulnerable.