I won't detail the vulnerability here, if you don't know it, first check my repo KosmX/CVE-2021-44228-example.
Or use an external reference. Be aware, most of the online details about this, are misleading!
On december 9th 2021 the vulnerability was discovered.
For short, you can execute JNDI lookups by logging a special code.
And, there are GH repos saying the same.