This is collection of information about the vulnerabilities in Apache Log4j. This is a common tool used for logging in Java applications, and the vulnerability allows execution of malicious code with elevated privileges. The two CVEs that address this are:
The following graphic illustrates the vulnerability exploit and possible remedies. It is drawn from the Swiss government Log4j exploit page.
Addtional information is available in the following pages.