This vulnerability is bad. Its repercussions are going to be exploited and felt for a long time. Here is a list from this morning of known services that are vulnerable. This takes no human interaction to exploit and is wormable. https://github.com/authomize/log4j-log4shell-affected