(I’ll be updating this post as more rules are available to stop new vulnerabilities.)
Credit to Christian Folini at coreruleset.org for providing the rule.
A major vulnerability has been discovered in Java web apps basic logging function called Log4J/Log4Shell. The best remedy for this is to update Log4j itself, or update the web app platform running Log4j with a newer version provided by the vendor. But that may take a while in many instances to fully implement.