On December 9, 2021, Apache disclosed CVE-2021-44228, a remote code execution vulnerability assigned a severity of 10 (the highest possible risk score). The vulnerability, also known as Log4Shell, is in Log4j, a logging library commonly used by a wide range of applications, and specifically affects versions up to 2.14.1.
Article Link: Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild