A flaw was found in the Apache Log4j logging library 2.x. when the logging configuration uses a non-default Pattern Layout with a Context Lookup. Attackers with control over Thread Context Map input data can craft malicious input data that contains a recursive lookup and can cause Denial of Service