[deleted]

As Coffee stated, it allows hackers to remotely execute code (e.g. get your IP addresses and download stuff) by sending a string with a certain pattern into chat which gets logged internally (which is what minecraft always does with chat and commands), but also remotely executes that malcious code to grab your details/install ransomware.

Procedure of the hack:

• Data from the hacker gets sent to the server via chat message to the server
  
• The server logs the message sent by the hacker, containing the malicious payload
• The (log4j) vulnerability is triggered by this payload and the server makes a request to the main server/Java files of the server via the internally imported software responsible for receiving and displaying chat messages and commands
• The text pattern contains a path to a remote server/java file which is injected and allows an attacker to execute their code remotely.

Hopefully this is ELI5 enough. Might be 10% wrong as im not a full fledged programmer

Btw, this affects all applications who use that logging software, not just minecraft. A whole bunch of enterprise programs were vulnerable to this too, such as Steam and the Apple iCloud.
https://www.lunasec.io/docs/blog/log4j-zero-day/

Basically you can execute whatever pieces of code (malicious or whatever code) just by typing in chat and without permiission of the user!