https://www.bleepingcomputer.com/news/security/over-30-percent-of-log4j-apps-use-a-vulnerable-version-of-the-library/

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.

Log4Shell is an unauthenticated remote code execution (RCE) flaw that allows taking complete control over systems with Log4j 2.0-beta9 and up to 2.15.0.