Although version 2.16 closed the critical vulnerabilities that allowed remote and local code execution, this release is still vulnerable to a denial-of-service attack.
An attacker can use a manipulated string to trigger a buffer overflow in log4j's context lookup functionality and ultimately cause a denial of service.
Version 2.17 fixes this problem.
A detailed explanation can be found here:
https://www.whitesourcesoftware.com/resources/blog/log4j-vulnerability-cve-2021-45105/
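To find installations that still need the upgrade, the following added example (not part of the original notice and not Empalis or log4j project code) reads the version from the Maven metadata inside a jar instead of trusting the file name. It applies only the statement above that 2.17 fixes the problem; the function names and the sample jars are constructed for illustration.

```python
import io
import re
import zipfile

# Maven metadata file that official log4j-core jars carry.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 17)  # per the notice above: version 2.17 fixes the problem


def log4j_core_version(jar_bytes):
    """Return the log4j-core version recorded inside a jar, or None."""
    try:
        with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
            if POM_PROPS not in jar.namelist():
                return None
            text = jar.read(POM_PROPS).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return None
    match = re.search(r"^version=(\S+)", text, re.MULTILINE)
    return match.group(1) if match else None


def needs_upgrade(version):
    """True if the major.minor version is below 2.17."""
    nums = re.match(r"(\d+)\.(\d+)", version)
    if not nums:
        return True  # unparseable version string: flag for manual review
    return (int(nums.group(1)), int(nums.group(2))) < FIXED


def classify(jar_bytes):
    """Summarise one jar as 'not log4j-core', '<version>: upgrade' or '<version>: ok'."""
    version = log4j_core_version(jar_bytes)
    if version is None:
        return "not log4j-core"
    return f"{version}: upgrade" if needs_upgrade(version) else f"{version}: ok"


def make_sample_jar(version):
    """Constructed sample: a minimal jar holding only the metadata file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
    return buf.getvalue()


if __name__ == "__main__":
    for sample in ("2.14.1", "2.16.0", "2.17.0"):
        print(classify(make_sample_jar(sample)))
```

Copies of log4j-core nested inside other archives (for example application bundles that pack their dependencies into one file) are not unpacked by this check and have to be inspected separately.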
If you have any questions, please feel free to contact us.
We wish you continued safe times!
Your Empalis Team