Log4j appears to be the gift that keeps on giving. The severity score for the second Log4j vulnerability, CVE-2021-45046, has been upgraded from a CVSS score of 3.7 to 9.0. The fix for the original CVE-2021-44228 in Apache Log4j has been found to be incomplete allowing for Remote Code Execution in certain configurations.
LunaSec blog post here!