5 days ago log4j received hot-fix for huge RCE. It's not quite known topic and today it has been expolited in multiple projects.
It's really easy to reproduce, you should take a look at dependencies in your projects to address this issue. At least bump it to 2.15, the best choice is to move to e.g. logback, at least for a while.