JFrog’s senior director of security research said the vulnerability has a root cause similar to Log4Shell.