If you develop software in Java, you are probably affected. Log4J is a really popular package to deal with logging.
In a nutshell, if an attacker manages to log a specific, crafted string, the library will load code from a random, remote host. Affected are all versions between 2.0 and 2.14.1.
Given how ubiquitous this library is, the impact of this vulnerability is quite severe. Learn how to patch it, why it’s bad, and more in this post.