There is a critical vulnerability has been identified within the Apache Log4J framework which is used by millions of devices running online services. It is a Java-based logging framework part of the Apache Logging Services, a project of the Apache Software Foundation.
What are the implications of the Log4J vulnerability?
The bug in the Apache Log4j module will allow an attacker to execute arbitrary code on any system that uses Log4j to write logs.
How bad is this?
This is a very critical bug that should not be ignored until it is patched. The bug is easily exploitable by someone with limited knowledge of the system.