Log4Shell

Log4shell (CVE-2021-44228), is a zero-day vulnerability in Log4j, a logging tool in Java. People have figured out that you can abuse this vulnerability to execute remote code. On 24 November 2021, Chen Zhaojun of Alibaba's Cloud's security team told Apache about this. It has been publicly disclosed since December 9, 2021.^[1] Apache has given this vulnerability a 10, the highest rating.

References

1. Newman, Lily (2021-12-10). "'The Internet Is on Fire'". Wired. Retrieved 2021-12-23.