“This new Log4j vulnerability is likely going to be another ‘flashbulb memory’ event in the timeline of significant vulnerabilities. It is the most widely used logging framework in the Java ecosystem.”
Applies to Log4j 2.x versions up to and including 2.15.0. The fixed version to be on is 2.16.0. Vulnerability details are based on Praetorian’s blog. More is summed up in this news report. Currently under Fast-Track, as full disclosure is pending with Apache. More details will be released in due course.
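One way to inventory archives against the affected range stated above (an added example, not from the original page, Apache or Praetorian): it reads the version from log4j-core's Maven `pom.properties` inside a jar and follows nested archives. The function names and sample jars are constructed for illustration, and the check assumes the `pom.properties` metadata was not stripped during repackaging.

```python
import io
import re
import zipfile

# Range stated on the page: 2.x up to and including 2.15.0; fixed in 2.16.0.
LAST_AFFECTED = (2, 15, 0)
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def parse_version(text):
    """Return (major, minor, patch) from strings like '2.14.1' or '2.0-beta9'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_affected(version_text):
    v = parse_version(version_text)
    return v is not None and v[0] == 2 and v <= LAST_AFFECTED

def find_log4j_core(data, path="<archive>", depth=0, max_depth=5):
    """List (path, version, affected) for each log4j-core copy, including nested jars."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive (or corrupt): nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    hits.append((path, m.group(1).strip(), is_affected(m.group(1))))
            elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                hits += find_log4j_core(zf.read(name), f"{path}!/{name}", depth + 1, max_depth)
    return hits

def make_jar(files):
    """Build a constructed in-memory archive from {entry name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in files.items():
            zf.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    old = make_jar({POM: b"version=2.14.1\n"})  # constructed sample, not a real jar
    app = make_jar({"BOOT-INF/lib/log4j-core-2.14.1.jar": old})
    for hit in find_log4j_core(app, "app.jar"):
        print(hit)
```

Shaded or repackaged builds can drop `META-INF/maven`, so a clean result from this check does not prove Log4j is absent.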
"This is akin to someone figuring out mailing a letter into your post box with a specific address written on it allows them to open all your doors in your house.”