A deserialization flaw was found in Apache Chainsaw versions before 2.1.0 which could lead to malicious code execution.
apache chainsaw
apache log4j
qos reload4j