The typical pattern from this exploit is through HTTP requests to a web server. The CyREST component of Cytoscape does not use a vunlerable version of log4j. That's good news! As a standalone, desktop application the only other exposure is through user-directed actions, e.g., importing a file from online. Please use caution with importing any type of network or data files into Cytoscape.