AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation

We discussed this vulnerability during Episode 139 on 25 April 2022

AWS provided a hot-patching service that patched running Java processes against the Log4Shell vulnerability, but the patcher itself introduced a container escape.

To do this it would look for any process named java and then execute that process's binary itself, first just to get the version and then again to actually perform the patch. The problem is that it executed the binary in a fairly privileged context: it entered the container's namespace, but otherwise invoked the binary with all Linux capabilities and without the other isolation mechanisms that normally confine the container in play.

Since the patcher keyed only on the process name, an attacker who controlled a container could supply their own binary named java; once the hot patch ran it with these privileges, the binary could use them to escape the container and escalate privileges on the host.
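As an added check (not code from the original post or from AWS), the following script audits for the condition described above: a process named java whose effective capability set exceeds what an unprivileged container normally gets, or that runs with no seccomp filter. It parses the `CapEff` and `Seccomp` lines of `/proc/<pid>/status`; the two status files embedded below are constructed samples, and the Docker default capability mask used as the baseline is an assumption about the runtime in use.

```python
"""Flag java processes running with more privilege than their container should allow.

Added example, not part of the original page. It reads /proc/<pid>/status
(or the constructed samples below) and reports java processes whose
effective capabilities exceed a baseline or that have seccomp disabled.
"""
import glob

# Linux capability names by bit index (41 capabilities as of Linux 5.9).
CAP_NAMES = [
    "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_DAC_READ_SEARCH", "CAP_FOWNER",
    "CAP_FSETID", "CAP_KILL", "CAP_SETGID", "CAP_SETUID", "CAP_SETPCAP",
    "CAP_LINUX_IMMUTABLE", "CAP_NET_BIND_SERVICE", "CAP_NET_BROADCAST",
    "CAP_NET_ADMIN", "CAP_NET_RAW", "CAP_IPC_LOCK", "CAP_IPC_OWNER",
    "CAP_SYS_MODULE", "CAP_SYS_RAWIO", "CAP_SYS_CHROOT", "CAP_SYS_PTRACE",
    "CAP_SYS_PACCT", "CAP_SYS_ADMIN", "CAP_SYS_BOOT", "CAP_SYS_NICE",
    "CAP_SYS_RESOURCE", "CAP_SYS_TIME", "CAP_SYS_TTY_CONFIG", "CAP_MKNOD",
    "CAP_LEASE", "CAP_AUDIT_WRITE", "CAP_AUDIT_CONTROL", "CAP_SETFCAP",
    "CAP_MAC_OVERRIDE", "CAP_MAC_ADMIN", "CAP_SYSLOG", "CAP_WAKE_ALARM",
    "CAP_BLOCK_SUSPEND", "CAP_AUDIT_READ", "CAP_PERFMON", "CAP_BPF",
    "CAP_CHECKPOINT_RESTORE",
]

# Assumed baseline: the default capability set Docker grants an unprivileged
# container (CHOWN, DAC_OVERRIDE, FOWNER, FSETID, KILL, SETGID, SETUID,
# SETPCAP, NET_BIND_SERVICE, NET_RAW, SYS_CHROOT, MKNOD, AUDIT_WRITE, SETFCAP).
DOCKER_DEFAULT_CAPS = 0x00000000A80425FB

# Constructed sample status files: a normally confined JVM, and a java
# binary spawned with the full capability set and no seccomp filter.
CONFINED_JAVA = """Name:\tjava
Pid:\t1234
NoNewPrivs:\t0
Seccomp:\t2
CapEff:\t00000000a80425fb
CapBnd:\t00000000a80425fb
"""

OVERPRIVILEGED_JAVA = """Name:\tjava
Pid:\t4321
NoNewPrivs:\t0
Seccomp:\t0
CapEff:\t000001ffffffffff
CapBnd:\t000001ffffffffff
"""


def parse_status(text):
    """Turn the 'Key:\\tvalue' lines of a /proc/<pid>/status file into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def decode_caps(mask):
    """Expand a capability bitmask into the names of its set bits."""
    return [name for bit, name in enumerate(CAP_NAMES) if (mask >> bit) & 1]


def audit(status_texts, baseline=DOCKER_DEFAULT_CAPS):
    """Return one finding per java process that holds capabilities beyond
    the baseline or runs with seccomp disabled (Seccomp: 0)."""
    findings = []
    for text in status_texts:
        fields = parse_status(text)
        if fields.get("Name") != "java":
            continue
        cap_eff = int(fields.get("CapEff", "0"), 16)
        extra = decode_caps(cap_eff & ~baseline)
        seccomp_off = fields.get("Seccomp", "0") == "0"
        if extra or seccomp_off:
            findings.append({
                "pid": int(fields.get("Pid", "0")),
                "extra_caps": extra,
                "seccomp_off": seccomp_off,
            })
    return findings


def audit_live():
    """Run the audit over every process visible in /proc on this host."""
    texts = []
    for path in glob.glob("/proc/[0-9]*/status"):
        try:
            with open(path) as fh:
                texts.append(fh.read())
        except OSError:
            continue  # process exited between glob and open
    return audit(texts)


if __name__ == "__main__":
    for finding in audit([CONFINED_JAVA, OVERPRIVILEGED_JAVA]):
        print(finding)
```

Run against the samples, only pid 4321 is reported, carrying CAP_SYS_ADMIN among its extra capabilities and `seccomp_off` set; on a real host `audit_live()` does the same over `/proc`. Note that the check keys on the capability set rather than the process name, precisely because the name is what an attacker controls.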