Log4J Vulnerability

Context: Log4Shell was a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability has existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021, and was publicly disclosed on 9 December 2021.

Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit is simple to execute and is estimated to affect hundreds of millions of devices.

More at Log4Shell Wikipedia Page.