Create: Above and Beyond

Log 4 shell zero-day in "Server Pack - Above and Beyond v1.3"

Castalgo opened this issue · 2 comments

commented

I have scanned my hard drive with the 'log4j-detector-master' tool and found some vulnerable Log4J versions in the server version. Here are the scan results:
...\Above and Beyond 1.3\libraries\net\minecraft\server\1.16.5-20210115.111550\server-1.16.5-20210115.111550-extra.jar contains Log4J-2.x >= 2.0-beta9 (< 2.10.0) VULNERABLE
...\Minecraft\Above and Beyond 1.3\minecraft_server.1.16.5.jar contains Log4J-2.x >= 2.0-beta9 (< 2.10.0) VULNERABLE

The third one is fixed:
...\Above and Beyond 1.3\libraries\org\apache\logging\log4j\log4j-core\2.15.0\log4j-core-2.15.0.jar contains Log4J-2.x == 2.15.0 OKAY
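The scan results above flag Log4J copies bundled inside other jars as well as the stand-alone log4j-core jar. The following added example (not part of the original post, and not the log4j-detector tool's own code or version logic) shows one way to locate embedded log4j-core copies by walking nested archives; the function names, the `pack.zip` label and the sample archive contents are constructed for illustration.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def scan_archive(data, label, findings=None, depth=0):
    """Return (location, version_or_None, has_jndi_lookup) for each log4j-core copy found."""
    findings = [] if findings is None else findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a readable archive; nothing to report
    with zf:
        names = sorted(zf.namelist())
        version = None
        if POM_PROPS in names:  # Maven metadata survives in unshaded jars
            text = zf.read(POM_PROPS).decode("utf-8", "replace")
            m = re.search(r"^version=(.+)$", text, re.M)
            version = m.group(1).strip() if m else None
        has_jndi = JNDI_CLASS in names
        if has_jndi or version:  # a hit means "check this copy", not "vulnerable"
            findings.append((label, version, has_jndi))
        for name in names:  # descend into nested archives, with a depth limit
            if depth < 4 and name.lower().endswith((".jar", ".war", ".ear", ".zip")):
                scan_archive(zf.read(name), f"{label}!/{name}", findings, depth + 1)
    return findings


def _make_jar(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample():
    # Constructed sample: one bundled copy without metadata, one stand-alone 2.15.0 jar
    shaded = _make_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe"})
    core = _make_jar({JNDI_CLASS: b"\xca\xfe\xba\xbe", POM_PROPS: "version=2.15.0\n"})
    return _make_jar({"server-extra.jar": shaded, "libraries/log4j-core-2.15.0.jar": core})


if __name__ == "__main__":
    for finding in scan_archive(build_sample(), "pack.zip"):
        print(finding)
```

A copy reported with version `None` has lost its Maven metadata, so its version has to be established another way before deciding whether it needs action.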

commented

The official MS solution for this is found here:
https://help.minecraft.net/hc/en-us/articles/4416199399693-Security-Vulnerability-in-Minecraft-Java-Edition

We can see if we can figure out a way to pre-package the solution in our server files for our next version which we are currently working on.

commented

This is not actually an issue; the current version of the modpack comes with Forge 36.2.20, which comes with an updated version of Log4J that fixes the vulnerability.