
Episode 535: Dan Lorenc on Supply Chain Attacks

Software Engineering Radio - the podcast for professional software developers


Java JVM

An attacker can get information to appear in the log by entering fields which they know are wrong. The Java library here supports kind of macros or template expansion or things like this as a great feature. It turned out that depending on what template strings you passed into this logging library, you might be able to trigger it to go download code and run it from the internet, as it expands these templates to fill in other variables and other contexts into the logging message.

Transcript
