The Log4j vulnerability tracked as CVE-2021-44228 (also known as Log4Shell) allows an attacker to execute arbitrary code on an affected system. If your application uses Log4j from version 2.0-alpha1 to 2.14.1, you should update to the latest version (2.16.0 at the time of writing) as soon as possible.
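To find out whether a deployment falls in that range, the following added example (not code from the original page or from the Log4j project) walks a directory tree, reads the version out of each `log4j-core` jar name and flags those from 2.0-alpha1 to 2.14.1. The `log4j-core-<version>.jar` naming pattern and the pre-release ordering alpha < beta < rc < release are assumptions of this sketch.

```python
import re
import sys
from pathlib import Path

# Affected range as stated in the text above: 2.0-alpha1 through 2.14.1.
AFFECTED_MIN = "2.0-alpha1"
AFFECTED_MAX = "2.14.1"

# Assumption: jars keep their standard name, log4j-core-<version>.jar.
_JAR_RE = re.compile(r"^log4j-core-(\d+(?:\.\d+)*(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
_VER_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?$", re.I)
# Assumption: pre-release qualifiers sort before the plain release.
_QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}


def version_key(version):
    """Turn a version such as '2.0-beta9' into a tuple that sorts in release order."""
    m = _VER_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # treat 2.0 as 2.0.0
    qual = m.group(2).lower() if m.group(2) else None
    return (*nums[:3], _QUALIFIER_RANK[qual], int(m.group(3) or 0))


def is_affected(version):
    """True if version lies within AFFECTED_MIN..AFFECTED_MAX, inclusive."""
    return version_key(AFFECTED_MIN) <= version_key(version) <= version_key(AFFECTED_MAX)


def jar_version(filename):
    """Return the version embedded in a log4j-core jar name, or None."""
    m = _JAR_RE.match(Path(filename).name)
    return m.group(1) if m else None


def scan(root):
    """Yield (path, version, affected) for every log4j-core jar under root."""
    for path in Path(root).rglob("log4j-core-*.jar"):
        version = jar_version(path.name)
        if version:
            yield str(path), version, is_affected(version)


if __name__ == "__main__":
    for path, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if affected else 'ok':8}  {version:12}  {path}")
```

A file-name match does not see copies of Log4j repackaged inside fat jars or WAR archives, or jars that were renamed, so a clean result here is a starting point rather than proof.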
The Swiss government published an excellent diagram that explains the vulnerability: