L2 is a more advanced security level than L1. In the current description, it is the opposite as L1 is more secure than L2 (which is nothing more then L1 with possible exceptions)
Verification
L1
Verify that the app does not use any 3P libraries at a version vulnerable to a CVE with a severity >= CVSS 7.0.
L2
Verify that the app does not use any 3P libraries at a version vulnerable to a CVE with a severity >= CVSS 7.0.
An app that uses a 3P library at a version vulnerable to a CVE with CVSS >= 7.0 can pass this test if the developer provides additional justification that:
The app does not invoke the vulnerable 3P library code or
The 3P library has not yet made an update available. This is acceptable only if the 3P library has a regular patch process.
L2 is a more advanced security level than L1. In the current description, it is the opposite as L1 is more secure than L2 (which is nothing more then L1 with possible exceptions)