The vulnerability allows remote code execution on servers, giving an attacker the ability to install malware that could completely compromise a computer. A “security hole” was found in log4j, a Java program logging library used by applications and services on the Internet. When an application or server processes the logs, a special line can cause a vulnerable system to load and run a malicious script.
According to one security researcher, millions of applications use Log4j for logging, and all an attacker has to do is force the application to register a special string.
The Apache Software Foundation has already released an emergency security update that fixes a vulnerability in Java Log4j.