Apache Log4j is a widely-used Java-based logging library that could be weaponized to execute malicious code. The bug has scored a perfect 10 on 10 in the CVSS rating system, indicative of the severity of the issue. A single string of text can trigger an application to reach out to a malicious external host if it is logged via the vulnerable instance of the library. Attackers have been able to gain RCE on Minecraft Servers by pasting a specially crafted message into the chat box.”]
Source: https://thehackernews.com/2021/12/extremely-critical-log4j-vulnerability.html