Please refer to Security implications of Apache Log4j vulnerabilities.