Regarding 

CVE-2021-44228

 log4j RCE - Kedro supply chain is not affected - Kedro supports PySpark 

pyspark>=2.2, <4.0

 as an optional dependency - All versions of PySpark (and Hive use) use log4j version 

1.2.17

 out of the box - The issue affects versions log4j  

>2.10

 and is fixed in 

2.15.0

- Unless your cluster has manually updated your version of logger you should not be affected (ironically older version helps here)