This was already discussed in Log4Shell zeroday and YNH
TL;DR : Yunohost per se is not vulnerable, but there could be a few java apps in the catalog. You can check if you’re vulnerable by running dpkg --list | grep log4j. If this doesn’t return anything, you’re safe.