2. CVE-2021-45046 - Apache Log4j2 Thread Context Lookup Pattern vulnerable to remote code execution in certain non-default configurations. 3. CVE-2021-44228 - Log4j's JNDI support has not restricted what names could be resolved. Some protocols are unsafe or can allow remote code execution. ...