Description
Log4j2 do recursive replace here:
It's danger if variable value comes from user input.
for example if we have pattern="${ctx:userAgent}" and put User-Agent to MDC, forged header 'User-Agent: ${sys:user.home}' will output actual user home not literal "${sys:user.home}", sensitive data may leak.