On December 10, 2021 CVE-2021-44228 was reported, describing an exploit in the Log4j library that allowed a malicious user to run code on an affected system. On December 14, 2021 CVE-2021-45046 was reported, describing a second exploit in Log4j.
Solution
Express Server doesn't use a version of Log4j that is affected by CVE-2021-44228 or CVE-2021-45046.