The recent log4j Remote Code Execution(RCE) vulnerability has made the entire market shocked and almost every application vulnerable. To mitigate and resolve follow this link: https://www.dynamicallyblunttech.com/post/log4jshell-vulnerability
UPDATE: There is a recent update on the latest version of log4j which is recommended to use.